[Resolved] trojan infection and repeat antivirus pro infections


  • This topic is locked
19 replies to this topic

#1 mattskelly


Posted 28 September 2009 - 08:15 AM

Hi, annoying problem here. Was infected with antiviruspro, which I removed with Malwarebytes. Keep getting reinfected though, and keep uninstalling all the associated nasty malware with Malwarebytes. Any assistance would be great - I know how effective the experts are on this site, as Ken545 helped me get rid of a previous problem before. Cheers guys, I'll await your instructions as before. Matt



#2 OCD


Posted 28 September 2009 - 11:24 PM

Hello mattskelly,
Welcome to What the Tech.
My name is OCD, I will be helping you today.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

In order to make an evaluation of the condition of your computer I will need for you to provide me with a few logs.

If you are running Windows Vista you will need to Right Click on the icon on your desktop and select "Run As Administrator" for these tools.

Please run RootRepeal

  • Download RootRepeal from one of the following locations and save it to your desktop.
    Here
    Here
    or Here

  • Open Posted Image on your desktop.

  • Click the Posted Image tab.

  • Click the Posted Image button.

  • In the Select Scan dialog, check

    Posted Image

  • Push Ok
  • Check the box for your main system drive (Usually C:), and press OK.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
- - - - - Next - - - - -

Please download DDS from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

On your next post please provide the following:
  • RootRepeal.txt
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
  • MBAM log from your most recent scan (if available)
  • Tell me how your computer is running at the moment.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#3 mattskelly


Posted 29 September 2009 - 02:05 AM

Thanks OCD for the quick reply, here's the following requested logs.

Rootrepeal.txt

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/29 08:48
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xA4BC8000 Size: 16384 File Visible: No Signed: -
Status: -

Name: dump_JRAID.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_JRAID.sys
Address: 0xA4B34000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA113F000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa46976b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa4697574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa4697a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa469714c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa469764e

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa469776e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa469772e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa46978ae

==EOF==

MBAM Log (definitions updated today)

Malwarebytes' Anti-Malware 1.41
Database version: 2870
Windows 5.1.2600 Service Pack 2

29/09/2009 08:59:21
mbam-log-2009-09-29 (08-59-21).txt

Scan type: Quick Scan
Objects scanned: 91766
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Problem with DDS - disabled Avast antivirus and my other spyware programs, ran DDS and got this error message: system cannot find file specified.

Cheers, matts

#4 mattskelly


Posted 29 September 2009 - 02:14 AM

Forgot to add that my PC seems to be running fine - no noticeable slowdowns - just certain sites seem to trigger that antivirus pro infection that I mentioned in my first post. Cheers, matts

#5 OCD


Posted 01 October 2009 - 01:36 AM

Hello mattskelly,
  • You may want to print out these instructions for reference prior to proceeding.
  • This solution is specifically tailored for this particular problem, please do not attempt to use this solution on another computer.
  • If you have any questions, or are uncertain about any steps please ask 'before' proceeding.
- - - - - Next - - - - -

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
    You may need two posts to fit them both in.
- - - - - Next - - - - -

On your next post please provide the following:
  • OTL logs OTL.Txt and Extras.Txt
  • Tell me how your computer is running at the moment.

OCD



#6 mattskelly


Posted 01 October 2009 - 09:24 AM

Hi OCD,
Here's my OTL.TXT log

OTL logfile created on: 01/10/2009 16:16:52 - Run 2
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.26% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 337.37 Gb Free Space | 72.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT-EFDA78A10B
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\WINDOWS\System32\oodag.exe (O&O Software GmbH)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Razer\Habu\razerhid.exe ()
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\System32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Razer\Habu\razertra.exe ()
PRC - C:\Program Files\Razer\Habu\razerofa.exe (Razer Inc.)
PRC - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcrSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (CTAudSvcService [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (CTDevice_Srv [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (CTUPnPSv [On_Demand | Stopped]) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (nTuneService [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (O&O Defrag [Auto | Running]) -- C:\WINDOWS\System32\oodag.exe (O&O Software GmbH)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrA.exe ()
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (wwEngineSvc [Auto | Running]) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (COMMONFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL [On_Demand | Running]) -- C:\WINDOWS\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL [On_Demand | Running]) -- C:\WINDOWS\System32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL [On_Demand | Running]) -- C:\WINDOWS\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (ha20x2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (HabuFltr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (JGOGO [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (JRAID [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (Jukebox3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ctpdusb.sys (Creative Technology Ltd.)
DRV - (LGDDCDevice [On_Demand | Stopped]) -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys ()
DRV - (LGII2CDevice [On_Demand | Stopped]) -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys ()
DRV - (NCHSSVAD [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (NTPASp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\NTPASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVR0Dev [On_Demand | Running]) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT73 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (snapman [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tifsfilter [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/19 18:51:40 | 00,000,000 | ---D | M]


O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = F7 FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/05 15:02:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

========== Files/Folders - Created Within 30 Days ==========

[2009/10/01 15:50:58 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2009/10/01 03:24:50 | 00,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\resident evil 4.lnk
[2009/10/01 03:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\CAPCOM
[2009/09/30 23:06:42 | 00,000,000 | ---D | C] -- C:\xGAMESx
[2009/09/30 22:57:46 | 00,001,552 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Head Over Heels.lnk
[2009/09/30 22:57:45 | 00,000,000 | ---D | C] -- C:\Program Files\HeadOverHeels
[2009/09/30 16:34:11 | 00,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2009/09/30 16:34:11 | 00,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2009/09/29 08:53:05 | 00,361,355 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\dds.pif
[2009/09/29 08:51:03 | 00,361,355 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\dds.scr
[2009/09/28 15:01:26 | 00,019,004 | ---- | C] () -- C:\WINDOWS\sekoxolofi.dat
[2009/09/28 15:01:26 | 00,018,059 | ---- | C] () -- C:\WINDOWS\icyvudydux.bin
[2009/09/28 15:01:26 | 00,017,995 | ---- | C] () -- C:\Program Files\Common Files\taxifenaw._sy
[2009/09/28 15:01:26 | 00,017,371 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gycit.db
[2009/09/28 15:01:26 | 00,016,788 | ---- | C] () -- C:\WINDOWS\dezidiw._dl
[2009/09/28 15:01:26 | 00,016,558 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\xuzokefah.inf
[2009/09/28 15:01:26 | 00,016,393 | ---- | C] () -- C:\WINDOWS\joqi.reg
[2009/09/28 15:01:26 | 00,016,048 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qafy.db
[2009/09/28 15:01:26 | 00,015,937 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ilota.ban
[2009/09/28 15:01:26 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\toro.dat
[2009/09/28 15:01:26 | 00,015,646 | ---- | C] () -- C:\Program Files\Common Files\uvos.db
[2009/09/28 15:01:26 | 00,015,556 | ---- | C] () -- C:\WINDOWS\vasybysi.inf
[2009/09/28 15:01:26 | 00,015,157 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\isev.bin
[2009/09/28 15:01:26 | 00,014,742 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\majyqi.dl
[2009/09/28 15:01:26 | 00,014,705 | ---- | C] () -- C:\Program Files\Common Files\ipigewu.bat
[2009/09/28 15:01:26 | 00,014,535 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\ezoda._dl
[2009/09/28 15:01:26 | 00,014,234 | ---- | C] () -- C:\WINDOWS\hutodi.db
[2009/09/28 15:01:26 | 00,013,144 | ---- | C] () -- C:\WINDOWS\System32\sumywaz.exe
[2009/09/28 15:01:26 | 00,012,682 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\guci.pif
[2009/09/28 15:01:26 | 00,011,968 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\puhykixavi.inf
[2009/09/28 15:01:26 | 00,011,624 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ewupiq.pif
[2009/09/28 15:01:26 | 00,010,539 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ymydu.bat
[2009/09/28 14:58:15 | 00,005,632 | ---- | C] () -- C:\rlswn.exe
[2009/09/28 08:44:47 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Spybot - Search & Destroy.lnk
[2009/09/28 08:39:36 | 00,000,000 | ---D | C] -- C:\ie-spyad
[2009/09/28 08:39:27 | 00,258,560 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\ie-spyad.exe
[2009/09/28 08:37:49 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\SpywareGuard LiveUpdate.lnk
[2009/09/28 08:37:49 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Matt\Start Menu\Programs\Startup\SpywareGuard.lnk
[2009/09/28 08:37:49 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\SpywareGuard.lnk
[2009/09/28 08:37:49 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2009/09/28 08:31:19 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\SpywareBlaster.lnk
[2009/09/28 08:31:18 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/09/28 08:30:56 | 03,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Matt\Desktop\spywareblastersetup42.exe
[2009/09/28 08:23:47 | 00,018,647 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\wykys._dl
[2009/09/28 08:23:47 | 00,018,052 | ---- | C] () -- C:\WINDOWS\zuxunapiz.vbs
[2009/09/28 08:23:47 | 00,017,820 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\uqehe.dat
[2009/09/28 08:23:47 | 00,016,365 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\pajy.bin
[2009/09/28 08:23:47 | 00,016,019 | ---- | C] () -- C:\WINDOWS\fycy.sys
[2009/09/28 08:23:47 | 00,015,922 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ydiwoluze.reg
[2009/09/28 08:23:47 | 00,015,733 | ---- | C] () -- C:\WINDOWS\ejobijocyf.dl
[2009/09/28 08:23:47 | 00,013,782 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\omug.com
[2009/09/28 08:23:47 | 00,013,362 | ---- | C] () -- C:\WINDOWS\System32\osybider.bin
[2009/09/28 08:23:47 | 00,012,942 | ---- | C] () -- C:\Program Files\Common Files\bujokafo.pif
[2009/09/28 08:23:47 | 00,012,566 | ---- | C] () -- C:\WINDOWS\System32\zawyz.dl
[2009/09/28 08:23:47 | 00,012,193 | ---- | C] () -- C:\Program Files\Common Files\hodijik.dat
[2009/09/28 08:23:47 | 00,012,081 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\rakefo.sys
[2009/09/28 08:23:47 | 00,011,944 | ---- | C] () -- C:\Program Files\Common Files\mava.exe
[2009/09/28 08:23:47 | 00,011,559 | ---- | C] () -- C:\Program Files\Common Files\etasiwy.vbs
[2009/09/28 08:23:47 | 00,011,469 | ---- | C] () -- C:\WINDOWS\System32\aqyno.dll
[2009/09/28 08:23:47 | 00,010,765 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\yhutixaz.db
[2009/09/28 08:23:47 | 00,010,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fyqixijun.ban
[2009/09/25 08:34:30 | 00,019,775 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qamaje.reg
[2009/09/25 08:34:30 | 00,019,116 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\unof.reg
[2009/09/25 08:34:30 | 00,018,201 | ---- | C] () -- C:\Program Files\Common Files\upimefe.bat
[2009/09/25 08:34:30 | 00,017,094 | ---- | C] () -- C:\Program Files\Common Files\saxiwuwyb.bin
[2009/09/25 08:34:30 | 00,016,780 | ---- | C] () -- C:\Program Files\Common Files\rasywycys.pif
[2009/09/25 08:34:30 | 00,016,719 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rigybypol.scr
[2009/09/25 08:34:30 | 00,015,948 | ---- | C] () -- C:\WINDOWS\ubyw.vbs
[2009/09/25 08:34:30 | 00,015,903 | ---- | C] () -- C:\WINDOWS\izesigani.reg
[2009/09/25 08:34:30 | 00,014,211 | ---- | C] () -- C:\WINDOWS\afagy.dat
[2009/09/25 08:34:30 | 00,014,104 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\kavudubemi.vbs
[2009/09/25 08:34:30 | 00,012,467 | ---- | C] () -- C:\WINDOWS\abyjy.ban
[2009/09/25 08:34:30 | 00,011,159 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\hivo.db
[2009/09/25 08:34:30 | 00,011,152 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gexabetus.inf
[2009/09/25 08:34:30 | 00,011,008 | ---- | C] () -- C:\Program Files\Common Files\boji.com
[2009/09/25 08:34:30 | 00,010,782 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ruwi.vbs
[2009/09/24 09:25:08 | 00,019,573 | ---- | C] () -- C:\WINDOWS\tyloxynafa.inf
[2009/09/24 09:25:08 | 00,019,467 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\ufaxi.dat
[2009/09/24 09:25:08 | 00,019,085 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\efiv.reg
[2009/09/24 09:25:08 | 00,018,788 | ---- | C] () -- C:\WINDOWS\gidire.ban
[2009/09/24 09:25:08 | 00,018,687 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\wiked.com
[2009/09/24 09:25:08 | 00,018,226 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zezo.lib
[2009/09/24 09:25:08 | 00,018,069 | ---- | C] () -- C:\WINDOWS\ofylesal.ban
[2009/09/24 09:25:08 | 00,017,656 | ---- | C] () -- C:\Program Files\Common Files\avamih.db
[2009/09/24 09:25:08 | 00,017,564 | ---- | C] () -- C:\Program Files\Common Files\tuzihuzohe.pif
[2009/09/24 09:25:08 | 00,016,543 | ---- | C] () -- C:\WINDOWS\tihubasega.bin
[2009/09/24 09:25:08 | 00,016,272 | ---- | C] () -- C:\WINDOWS\yjoza.lib
[2009/09/24 09:25:08 | 00,015,924 | ---- | C] () -- C:\WINDOWS\ipyxag.reg
[2009/09/24 09:25:08 | 00,015,802 | ---- | C] () -- C:\Program Files\Common Files\rywuk.bat
[2009/09/24 09:25:08 | 00,015,777 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ysyn.pif
[2009/09/24 09:25:08 | 00,015,528 | ---- | C] () -- C:\WINDOWS\System32\ilyfyjapij.db
[2009/09/24 09:25:08 | 00,014,850 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\ixulig.com
[2009/09/24 09:25:08 | 00,014,103 | ---- | C] () -- C:\WINDOWS\System32\qupogywoko._sy
[2009/09/24 09:25:08 | 00,013,722 | ---- | C] () -- C:\WINDOWS\ipururi.pif
[2009/09/24 09:25:08 | 00,012,791 | ---- | C] () -- C:\Program Files\Common Files\becimi.inf
[2009/09/24 09:25:08 | 00,012,141 | ---- | C] () -- C:\Program Files\Common Files\iqizozysan.dll
[2009/09/24 09:25:08 | 00,010,980 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ihuloziz.inf
[2009/09/24 09:25:08 | 00,010,771 | ---- | C] () -- C:\WINDOWS\ifiwyj.bin
[2009/09/24 09:25:08 | 00,010,462 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\vewyk.pif
[2009/09/24 09:25:08 | 00,010,109 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\edinoty.lib
[2009/09/24 09:25:08 | 00,010,056 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\abowonuv.db
[2009/09/23 16:27:22 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/09/23 16:26:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/09/22 16:50:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\films and comics
[2009/09/22 13:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Smart S.T.A.L.K.E.R. Mod Manager
[2009/09/22 13:54:30 | 00,000,000 | ---D | C] -- C:\Program Files\Smart Mod Manager
[2009/09/22 13:27:43 | 00,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2009/09/22 13:19:48 | 00,000,000 | ---D | C] -- C:\Program Files\THQ
[2009/09/22 13:19:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\STALKER-SHOC
[2009/09/12 19:31:33 | 00,000,580 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\SS2 Mod Manager.lnk
[2009/09/12 19:11:15 | 00,000,000 | ---D | C] -- C:\Sshock2
[2009/09/08 20:02:23 | 00,000,576 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/09/08 20:02:18 | 00,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clive Barker's Undying™.lnk
[2009/09/08 20:00:01 | 00,000,000 | ---D | C] -- C:\Program Files\Clive Barker's Undying
[2009/09/08 10:54:26 | 00,098,816 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\buffy season 4.doc
[2009/08/09 06:52:28 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/08 09:15:25 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/08/08 09:15:25 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/08/08 09:15:25 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/08/08 09:15:25 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/05/29 18:32:10 | 00,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2009/01/15 08:19:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/15 08:19:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 08:19:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/15 08:19:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/10 15:47:52 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/22 05:29:06 | 00,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/22 17:27:42 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/08/19 21:51:18 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/07/15 02:13:34 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/06/11 01:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/11 01:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 23:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/09 21:59:09 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/04/28 18:51:27 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/04/24 19:40:33 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2008/04/16 23:17:39 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2008/04/11 16:03:57 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/10 21:11:27 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/05 15:20:19 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/02/25 14:55:32 | 00,101,603 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/02/20 21:24:36 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/02/20 21:00:12 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/08/13 20:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/03/12 12:01:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007/01/13 02:08:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/10/02 17:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/05/24 05:38:39 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/02/28 13:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/01 15:51:00 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2009/10/01 15:49:43 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/01 15:49:06 | 00,244,180 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/10/01 15:46:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/01 15:46:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/01 15:46:36 | 00,540,096 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2009/10/01 04:26:07 | 00,054,760 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2009/10/01 04:26:07 | 00,054,760 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2009/10/01 04:26:07 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2009/10/01 03:19:53 | 00,001,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\resident evil 4.lnk
[2009/10/01 00:24:50 | 04,246,946 | -H-- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\IconCache.db
[2009/09/30 22:57:46 | 00,001,552 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Head Over Heels.lnk
[2009/09/30 01:15:26 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/30 00:41:32 | 00,079,872 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/29 08:53:07 | 00,361,355 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\dds.pif
[2009/09/29 08:51:05 | 00,361,355 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\dds.scr
[2009/09/28 15:01:26 | 00,019,004 | ---- | M] () -- C:\WINDOWS\sekoxolofi.dat
[2009/09/28 15:01:26 | 00,018,059 | ---- | M] () -- C:\WINDOWS\icyvudydux.bin
[2009/09/28 15:01:26 | 00,017,995 | ---- | M] () -- C:\Program Files\Common Files\taxifenaw._sy
[2009/09/28 15:01:26 | 00,017,371 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gycit.db
[2009/09/28 15:01:26 | 00,016,788 | ---- | M] () -- C:\WINDOWS\dezidiw._dl
[2009/09/28 15:01:26 | 00,016,558 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\xuzokefah.inf
[2009/09/28 15:01:26 | 00,016,393 | ---- | M] () -- C:\WINDOWS\joqi.reg
[2009/09/28 15:01:26 | 00,016,048 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\qafy.db
[2009/09/28 15:01:26 | 00,015,937 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ilota.ban
[2009/09/28 15:01:26 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\toro.dat
[2009/09/28 15:01:26 | 00,015,646 | ---- | M] () -- C:\Program Files\Common Files\uvos.db
[2009/09/28 15:01:26 | 00,015,556 | ---- | M] () -- C:\WINDOWS\vasybysi.inf
[2009/09/28 15:01:26 | 00,015,157 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\isev.bin
[2009/09/28 15:01:26 | 00,014,742 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\majyqi.dl
[2009/09/28 15:01:26 | 00,014,705 | ---- | M] () -- C:\Program Files\Common Files\ipigewu.bat
[2009/09/28 15:01:26 | 00,014,535 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\ezoda._dl
[2009/09/28 15:01:26 | 00,014,234 | ---- | M] () -- C:\WINDOWS\hutodi.db
[2009/09/28 15:01:26 | 00,013,144 | ---- | M] () -- C:\WINDOWS\System32\sumywaz.exe
[2009/09/28 15:01:26 | 00,012,682 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\guci.pif
[2009/09/28 15:01:26 | 00,011,968 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\puhykixavi.inf
[2009/09/28 15:01:26 | 00,011,624 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ewupiq.pif
[2009/09/28 15:01:26 | 00,010,539 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ymydu.bat
[2009/09/28 14:58:15 | 00,005,632 | ---- | M] () -- C:\rlswn.exe
[2009/09/28 08:44:47 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Spybot - Search & Destroy.lnk
[2009/09/28 08:39:28 | 00,258,560 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\ie-spyad.exe
[2009/09/28 08:37:49 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\SpywareGuard LiveUpdate.lnk
[2009/09/28 08:37:49 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\Matt\Start Menu\Programs\Startup\SpywareGuard.lnk
[2009/09/28 08:37:49 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\SpywareGuard.lnk
[2009/09/28 08:31:19 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\SpywareBlaster.lnk
[2009/09/28 08:31:07 | 03,012,768 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Matt\Desktop\spywareblastersetup42.exe
[2009/09/28 08:23:47 | 00,018,647 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\wykys._dl
[2009/09/28 08:23:47 | 00,018,052 | ---- | M] () -- C:\WINDOWS\zuxunapiz.vbs
[2009/09/28 08:23:47 | 00,017,820 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\uqehe.dat
[2009/09/28 08:23:47 | 00,016,365 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\pajy.bin
[2009/09/28 08:23:47 | 00,016,019 | ---- | M] () -- C:\WINDOWS\fycy.sys
[2009/09/28 08:23:47 | 00,015,922 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ydiwoluze.reg
[2009/09/28 08:23:47 | 00,015,733 | ---- | M] () -- C:\WINDOWS\ejobijocyf.dl
[2009/09/28 08:23:47 | 00,013,782 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\omug.com
[2009/09/28 08:23:47 | 00,013,362 | ---- | M] () -- C:\WINDOWS\System32\osybider.bin
[2009/09/28 08:23:47 | 00,012,942 | ---- | M] () -- C:\Program Files\Common Files\bujokafo.pif
[2009/09/28 08:23:47 | 00,012,566 | ---- | M] () -- C:\WINDOWS\System32\zawyz.dl
[2009/09/28 08:23:47 | 00,012,193 | ---- | M] () -- C:\Program Files\Common Files\hodijik.dat
[2009/09/28 08:23:47 | 00,012,081 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\rakefo.sys
[2009/09/28 08:23:47 | 00,011,944 | ---- | M] () -- C:\Program Files\Common Files\mava.exe
[2009/09/28 08:23:47 | 00,011,559 | ---- | M] () -- C:\Program Files\Common Files\etasiwy.vbs
[2009/09/28 08:23:47 | 00,011,469 | ---- | M] () -- C:\WINDOWS\System32\aqyno.dll
[2009/09/28 08:23:47 | 00,010,765 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\yhutixaz.db
[2009/09/28 08:23:47 | 00,010,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fyqixijun.ban
[2009/09/26 18:58:05 | 00,013,728 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/25 08:34:30 | 00,019,775 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qamaje.reg
[2009/09/25 08:34:30 | 00,019,116 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\unof.reg
[2009/09/25 08:34:30 | 00,018,201 | ---- | M] () -- C:\Program Files\Common Files\upimefe.bat
[2009/09/25 08:34:30 | 00,017,094 | ---- | M] () -- C:\Program Files\Common Files\saxiwuwyb.bin
[2009/09/25 08:34:30 | 00,016,780 | ---- | M] () -- C:\Program Files\Common Files\rasywycys.pif
[2009/09/25 08:34:30 | 00,016,719 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\rigybypol.scr
[2009/09/25 08:34:30 | 00,015,948 | ---- | M] () -- C:\WINDOWS\ubyw.vbs
[2009/09/25 08:34:30 | 00,015,903 | ---- | M] () -- C:\WINDOWS\izesigani.reg
[2009/09/25 08:34:30 | 00,014,211 | ---- | M] () -- C:\WINDOWS\afagy.dat
[2009/09/25 08:34:30 | 00,014,104 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\kavudubemi.vbs
[2009/09/25 08:34:30 | 00,012,467 | ---- | M] () -- C:\WINDOWS\abyjy.ban
[2009/09/25 08:34:30 | 00,011,159 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\hivo.db
[2009/09/25 08:34:30 | 00,011,152 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gexabetus.inf
[2009/09/25 08:34:30 | 00,011,008 | ---- | M] () -- C:\Program Files\Common Files\boji.com
[2009/09/25 08:34:30 | 00,010,782 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ruwi.vbs
[2009/09/24 09:25:08 | 00,019,573 | ---- | M] () -- C:\WINDOWS\tyloxynafa.inf
[2009/09/24 09:25:08 | 00,019,467 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\ufaxi.dat
[2009/09/24 09:25:08 | 00,019,085 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\efiv.reg
[2009/09/24 09:25:08 | 00,018,788 | ---- | M] () -- C:\WINDOWS\gidire.ban
[2009/09/24 09:25:08 | 00,018,687 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\wiked.com
[2009/09/24 09:25:08 | 00,018,226 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zezo.lib
[2009/09/24 09:25:08 | 00,018,069 | ---- | M] () -- C:\WINDOWS\ofylesal.ban
[2009/09/24 09:25:08 | 00,017,656 | ---- | M] () -- C:\Program Files\Common Files\avamih.db
[2009/09/24 09:25:08 | 00,017,564 | ---- | M] () -- C:\Program Files\Common Files\tuzihuzohe.pif
[2009/09/24 09:25:08 | 00,016,543 | ---- | M] () -- C:\WINDOWS\tihubasega.bin
[2009/09/24 09:25:08 | 00,016,272 | ---- | M] () -- C:\WINDOWS\yjoza.lib
[2009/09/24 09:25:08 | 00,015,924 | ---- | M] () -- C:\WINDOWS\ipyxag.reg
[2009/09/24 09:25:08 | 00,015,802 | ---- | M] () -- C:\Program Files\Common Files\rywuk.bat
[2009/09/24 09:25:08 | 00,015,777 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ysyn.pif
[2009/09/24 09:25:08 | 00,015,528 | ---- | M] () -- C:\WINDOWS\System32\ilyfyjapij.db
[2009/09/24 09:25:08 | 00,014,850 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\ixulig.com
[2009/09/24 09:25:08 | 00,014,103 | ---- | M] () -- C:\WINDOWS\System32\qupogywoko._sy
[2009/09/24 09:25:08 | 00,013,722 | ---- | M] () -- C:\WINDOWS\ipururi.pif
[2009/09/24 09:25:08 | 00,012,791 | ---- | M] () -- C:\Program Files\Common Files\becimi.inf
[2009/09/24 09:25:08 | 00,012,141 | ---- | M] () -- C:\Program Files\Common Files\iqizozysan.dll
[2009/09/24 09:25:08 | 00,010,980 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ihuloziz.inf
[2009/09/24 09:25:08 | 00,010,771 | ---- | M] () -- C:\WINDOWS\ifiwyj.bin
[2009/09/24 09:25:08 | 00,010,462 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\vewyk.pif
[2009/09/24 09:25:08 | 00,010,109 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\edinoty.lib
[2009/09/24 09:25:08 | 00,010,056 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\abowonuv.db
[2009/09/22 13:27:43 | 00,001,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2009/09/20 18:50:09 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/09/20 11:56:04 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Steam.lnk
[2009/09/12 19:31:33 | 00,000,580 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\SS2 Mod Manager.lnk
[2009/09/12 19:13:19 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/09/12 19:13:19 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/09/11 23:05:09 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/11 23:01:35 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/08 20:02:23 | 00,000,576 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2009/09/08 20:02:18 | 00,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clive Barker's Undying™.lnk
[2009/09/08 10:54:26 | 00,098,816 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\buffy season 4.doc
[2009/09/04 17:15:34 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job

========== LOP Check ==========

[2009/09/28 15:01:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/13 11:51:41 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009/03/13 09:51:21 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4D18D6A0-D216-4470-B464-1F2DC271458B}
[2009/03/13 09:51:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6608C652-8B5C-4778-BAC8-B59DD368D024}
[2009/08/13 11:53:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ADCC9DAF-34D1-4565-92F1-DDB872DCF596}
[2008/04/10 21:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/04/16 23:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/06/05 16:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/08/07 20:38:49 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\f6d0392
[2009/08/13 15:00:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/09/16 00:10:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2008/09/16 00:11:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/08/08 16:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/09/29 22:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/05 15:39:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/09/28 15:03:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Matt\Application Data
[2008/04/24 19:42:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Acronis
[2008/05/01 00:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ahead
[2009/08/18 14:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Bioshock
[2009/05/07 18:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\CoSoSys
[2009/08/30 18:06:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FUEL Demo
[2008/10/19 08:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FUJIFILM
[2009/02/05 11:01:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Lionhead Studios
[2008/09/16 00:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NCH Swift Sound
[2008/06/04 19:29:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Matt\Application Data\SecuROM
[2009/08/08 16:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Simply Super Software
[2009/09/22 14:34:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Smart S.T.A.L.K.E.R. Mod Manager
[2008/04/05 15:39:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TuneUp Software
[2009/02/13 23:35:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2009/09/04 17:15:34 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2006/02/28 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/01 15:49:43 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/01 15:46:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#7 mattskelly

Posted 01 October 2009 - 09:25 AM

Hi OCD, here's my OTL Extras log.

OTL Extras logfile created on: 01/10/2009 16:15:37 - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.31% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 337.37 Gb Free Space | 72.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT-EFDA78A10B
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"7200:TCP" = 7200:TCP:*:Enabled:BitComet 7200 TCP
"7200:UDP" = 7200:UDP:*:Enabled:BitComet 7200 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\SteamApps\mattkelly73\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\mattkelly73\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe" = C:\Program Files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe" = C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™ -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe" = C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"C:\Program Files\Mass Effect\MassEffectLauncher.exe" = C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1EEAEAD7-95F3-489C-AB71-D188D530A951}" = Wireless USB Card
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}" = Razer Habu Config
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{631A0B87-B0B7-4B47-00A2-119A4B942EB6}" = Clive Barker's Undying™
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{6AF27BF0-BF58-4877-BB76-45B0281D4E36}" = Smart Mod Manager
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD® Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{E07F4F90-2BC6-4843-B62D-309D9170986E}" = resident evil 4
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4406ED3-B04C-44F1-ABB4-08775B74934F}" = Call Of Cthulhu DCoTE
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AudioCS" = Creative Audio Console
"avast!" = avast! Antivirus
"C248DC5465E4500BAAAE52DF5A4C1714C1714ABE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/10/2007 1.00)
"CDisplay_is1" = CDisplay 1.8
"Creative Centrale" = Creative Centrale
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Crysis WARHEAD®" = Crysis WARHEAD®
"Crysis WARHEAD® Patch" = Crysis WARHEAD® Patch
"Deus Ex" = Deus Ex
"Deus Ex: Invisible War Unified Texture Pack ver.1.0" = Deus Ex - Invisible War Unified Texture Pack, ver. 1.0
"EADM" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"GCFScape_is1" = GCFScape 1.6.7
"HeadOverHeels" = NSIS HeadOverHeels (remove only)
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"SShockDeinstallKey" = System Shock2
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3483" = Peggle Extreme
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SysInfo" = Creative System Information
"The Nameless Mod" = The Nameless Mod
"TrueImage" = Acronis True Image
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 0.9.9
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENX-FI" = Creative ZEN X-Fi User's Guide

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 27/02/2009 03:59:44 | Computer Name = MATT-EFDA78A10B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\setupnow.ex_ failed, 0000001E.

Error - 06/08/2009 23:15:25 | Computer Name = MATT-EFDA78A10B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\AutoRunCD.exe failed, 0000001E.

[ Application Events ]
Error - 26/09/2009 14:24:25 | Computer Name = MATT-EFDA78A10B | Source = Application Error | ID = 1000
Description = Faulting application wlloginproxy.exe, version 5.0.818.5, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 28/09/2009 10:03:47 | Computer Name = MATT-EFDA78A10B | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.41.0.0, faulting module ntdll.dll,
version 5.1.2600.3520, fault address 0x00018af2.

Error - 28/09/2009 10:03:53 | Computer Name = MATT-EFDA78A10B | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 29/09/2009 04:09:11 | Computer Name = MATT-EFDA78A10B | Source = Application Error | ID = 1000
Description = Faulting application wlloginproxy.exe, version 5.0.818.5, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 29/09/2009 20:58:00 | Computer Name = MATT-EFDA78A10B | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/09/2009 16:18:07 | Computer Name = MATT-EFDA78A10B | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 30/09/2009 17:59:14 | Computer Name = MATT-EFDA78A10B | Source = Application Error | ID = 1000
Description = Faulting application hoh.exe, version 0.0.0.0, faulting module hoh.exe,
version 0.0.0.0, fault address 0x000217d8.

Error - 30/09/2009 19:41:44 | Computer Name = MATT-EFDA78A10B | Source = Application Error | ID = 1000
Description = Faulting application wlloginproxy.exe, version 5.0.818.5, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 30/09/2009 20:07:35 | Computer Name = MATT-EFDA78A10B | Source = Application Hang | ID = 1002
Description = Hanging application WinRAR.exe, version 3.42.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/09/2009 20:25:56 | Computer Name = MATT-EFDA78A10B | Source = Application Hang | ID = 1002
Description = Hanging application WinRAR.exe, version 3.42.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 19/09/2009 09:26:40 | Computer Name = MATT-EFDA78A10B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 19/09/2009 09:26:40 | Computer Name = MATT-EFDA78A10B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 19/09/2009 09:26:40 | Computer Name = MATT-EFDA78A10B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 19/09/2009 09:26:40 | Computer Name = MATT-EFDA78A10B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 19/09/2009 09:26:41 | Computer Name = MATT-EFDA78A10B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/09/2009 04:22:17 | Computer Name = MATT-EFDA78A10B | Source = Service Control Manager | ID = 7000
Description = The Beep service failed to start due to the following error: %%5

Error - 24/09/2009 04:24:52 | Computer Name = MATT-EFDA78A10B | Source = Service Control Manager | ID = 7000
Description = The Beep service failed to start due to the following error: %%2

Error - 24/09/2009 04:25:20 | Computer Name = MATT-EFDA78A10B | Source = Service Control Manager | ID = 7000
Description = The Null service failed to start due to the following error: %%2

Error - 25/09/2009 03:41:49 | Computer Name = MATT-EFDA78A10B | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 27/09/2009 02:42:33 | Computer Name = MATT-EFDA78A10B | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 894a7020, parameter3
894a7194, parameter4 805d1204.


< End of report >

#8 mattskelly

Posted 01 October 2009 - 09:26 AM

PC is running fine at the moment, cheers. Matt

#9 OCD

Posted 01 October 2009 - 11:59 PM

Hi mattskelly,

You have BitTorrent, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

Please see this topic for more information: Perils of P2P File Sharing

If you wish to keep it, please do not use it until your computer is cleaned.

I would recommend that you uninstall BitTorrent; however, that choice is up to you.

To remove BitTorrent, please go to Start Menu > Control Panel > Add/Remove Programs
Scroll Down and locate the following programs:
  • BitTorrent
Select the program, then select remove.
(if the program is not listed don't be alarmed, just continue)
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

- - - - - Next - - - - -

Please download ComboFix from one of these locations:

Link 1
Link 2

A guide can be found here

* IMPORTANT : Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
*Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. The log will be located here C:\ComboFix.txt (Provided 'C' is your root directory)
Notes:
  • Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.

Please don't attach the scans / logs, use "copy/paste".

On your next post please provide:
  • ComboFix.txt

OCD

#10 mattskelly

Posted 03 October 2009 - 01:20 PM

Hi OCD,
here are the ComboFix logs.
Thanks.
ComboFix 09-10-01.05 - Matt 03/10/2009 18:45.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1458 [GMT 1:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091002-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Windows System Suite *enabled* {D12A226B-5606-4D63-98D3-E67D0D8A3D33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\efiv.reg
c:\documents and settings\All Users\Application Data\fyqixijun.ban
c:\documents and settings\All Users\Application Data\ihuloziz.inf
c:\documents and settings\All Users\Application Data\ilota.ban
c:\documents and settings\All Users\Application Data\isev.bin
c:\documents and settings\All Users\Application Data\qamaje.reg
c:\documents and settings\All Users\Application Data\ruwi.vbs
c:\documents and settings\All Users\Application Data\ymydu.bat
c:\documents and settings\All Users\Application Data\zezo.lib
c:\documents and settings\All Users\Documents\ewupiq.pif
c:\documents and settings\All Users\Documents\gexabetus.inf
c:\documents and settings\All Users\Documents\kavudubemi.vbs
c:\documents and settings\All Users\Documents\majyqi.dl
c:\documents and settings\All Users\Documents\puhykixavi.inf
c:\documents and settings\All Users\Documents\rigybypol.scr
c:\documents and settings\All Users\Documents\unof.reg
c:\documents and settings\All Users\Documents\wiked.com
c:\documents and settings\All Users\Documents\wykys._dl
c:\documents and settings\All Users\Documents\ydiwoluze.reg
c:\documents and settings\All Users\Documents\ysyn.pif
c:\documents and settings\Matt\Application Data\omug.com
c:\documents and settings\Matt\Application Data\pajy.bin
c:\documents and settings\Matt\Application Data\vewyk.pif
c:\documents and settings\Matt\Application Data\xuzokefah.inf
c:\documents and settings\Matt\Cookies\afini.reg
c:\documents and settings\Matt\Cookies\ahagoc.reg
c:\documents and settings\Matt\Cookies\atelyd.pif
c:\documents and settings\Matt\Cookies\beseci.sys
c:\documents and settings\Matt\Cookies\exyqa.sys
c:\documents and settings\Matt\Cookies\ezacogofuj.lib
c:\documents and settings\Matt\Cookies\ulek.ban
c:\documents and settings\Matt\Local Settings\Application Data\ezoda._dl
c:\documents and settings\Matt\Local Settings\Application Data\guci.pif
c:\documents and settings\Matt\Local Settings\Application Data\ixulig.com
c:\documents and settings\Matt\Local Settings\Application Data\rakefo.sys
c:\program files\Common Files\becimi.inf
c:\program files\Common Files\boji.com
c:\program files\Common Files\bujokafo.pif
c:\program files\Common Files\etasiwy.vbs
c:\program files\Common Files\ipigewu.bat
c:\program files\Common Files\iqizozysan.dll
c:\program files\Common Files\mava.exe
c:\program files\Common Files\rasywycys.pif
c:\program files\Common Files\rywuk.bat
c:\program files\Common Files\saxiwuwyb.bin
c:\program files\Common Files\tuzihuzohe.pif
c:\program files\Common Files\upimefe.bat
c:\windows\abyjy.ban
c:\windows\dezidiw._dl
c:\windows\ejobijocyf.dl
c:\windows\fycy.sys
c:\windows\gidire.ban
c:\windows\icyvudydux.bin
c:\windows\ifiwyj.bin
c:\windows\ipururi.pif
c:\windows\ipyxag.reg
c:\windows\izesigani.reg
c:\windows\joqi.reg
c:\windows\ofylesal.ban
c:\windows\system32\aqyno.dll
c:\windows\system32\osybider.bin
c:\windows\system32\sumywaz.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\zawyz.dl
c:\windows\tihubasega.bin
c:\windows\tyloxynafa.inf
c:\windows\ubyw.vbs
c:\windows\vasybysi.inf
c:\windows\zuxunapiz.vbs

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP26\A0006458.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-03 17:49 . 2006-02-28 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-03 17:49 . 2006-02-28 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-03 17:27 . 2009-10-03 17:28 -------- d-----w- C:\ComboFull1
2009-10-03 16:06 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 07:36 . 2009-10-02 07:36 -------- d-----w- c:\program files\CAPCOM
2009-09-30 22:06 . 2009-09-30 22:06 -------- d-----w- C:\xGAMESx
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\HeadOverHeels
2009-09-30 15:34 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-09-28 14:01 . 2009-09-28 14:01 19004 ----a-w- c:\windows\sekoxolofi.dat
2009-09-28 13:58 . 2009-09-28 13:58 5632 ----a-w- C:\rlswn.exe
2009-09-28 07:39 . 2009-09-28 07:39 -------- d-----w- C:\ie-spyad
2009-09-28 07:37 . 2009-09-29 08:06 -------- d-----w- c:\program files\SpywareGuard
2009-09-28 07:31 . 2009-09-29 08:06 -------- d-----w- c:\program files\SpywareBlaster
2009-09-28 07:23 . 2009-09-28 07:23 12193 ----a-w- c:\program files\Common Files\hodijik.dat
2009-09-25 07:34 . 2009-09-25 07:34 14211 ----a-w- c:\windows\afagy.dat
2009-09-24 08:25 . 2009-09-24 08:25 19467 ----a-w- c:\documents and settings\Matt\Local Settings\Application Data\ufaxi.dat
2009-09-23 15:26 . 2009-09-23 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-22 12:54 . 2009-09-22 13:34 -------- d-----w- c:\documents and settings\Matt\Application Data\Smart S.T.A.L.K.E.R. Mod Manager
2009-09-22 12:54 . 2009-09-22 13:34 -------- d-----w- c:\program files\Smart Mod Manager
2009-09-22 12:19 . 2009-09-28 10:35 -------- d-----w- c:\program files\THQ
2009-09-12 18:11 . 2009-09-30 20:48 -------- d-----w- C:\Sshock2
2009-09-08 19:02 . 2009-09-08 19:02 576 ----a-w- c:\windows\eReg.dat
2009-09-08 19:00 . 2009-09-08 19:02 -------- d-----w- c:\program files\Clive Barker's Undying

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 07:36 . 2008-04-05 14:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-29 21:08 . 2009-08-08 15:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-28 14:01 . 2009-09-28 14:01 17995 ----a-w- c:\program files\Common Files\taxifenaw._sy
2009-09-28 14:01 . 2009-09-28 14:01 15646 ----a-w- c:\program files\Common Files\uvos.db
2009-09-28 12:53 . 2009-08-09 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-28 07:46 . 2009-08-09 05:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-28 07:23 . 2009-09-28 07:23 17820 ----a-w- c:\documents and settings\Matt\Application Data\uqehe.dat
2009-09-25 07:41 . 2009-08-08 05:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-24 08:28 . 2009-06-06 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 08:25 . 2009-09-24 08:25 17656 ----a-w- c:\program files\Common Files\avamih.db
2009-09-23 15:26 . 2008-04-05 14:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-23 15:26 . 2009-07-03 07:32 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-23 15:26 . 2009-07-04 14:43 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-20 10:59 . 2008-06-04 19:14 -------- d-----w- c:\program files\Steam
2009-09-10 13:54 . 2009-06-06 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-06-06 20:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 18:59 . 2009-09-08 18:59 0 ----a-w- c:\windows\system32\_r_a_p_.tmp
2009-08-30 19:58 . 2009-08-30 19:33 -------- d-----w- c:\program files\Mass Effect
2009-08-30 19:58 . 2009-08-30 19:46 -------- d-----w- c:\program files\Common Files\BioWare
2009-08-30 17:06 . 2009-08-30 17:06 -------- d-----w- c:\documents and settings\Matt\Application Data\FUEL Demo
2009-08-19 17:51 . 2009-05-08 12:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-18 13:29 . 2008-06-04 19:02 -------- d-----w- c:\documents and settings\Matt\Application Data\Bioshock
2009-08-17 16:10 . 2009-08-08 09:12 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-08 09:12 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-08 09:12 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-08 09:12 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-08 09:12 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-08 09:12 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-08 09:12 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-08 09:12 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-08 09:12 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 02:03 . 2009-08-17 02:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 02:02 . 2009-08-17 02:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 23:57 . 2009-07-02 21:54 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 23:57 . 2009-07-02 21:15 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 23:57 . 2009-04-30 21:02 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 23:57 . 2009-04-30 21:02 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 23:57 . 2009-04-30 21:02 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 23:57 . 2009-01-15 07:19 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 23:57 . 2009-01-15 07:19 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 23:57 . 2009-01-15 07:19 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 23:57 . 2009-01-15 07:19 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 23:57 . 2009-01-15 07:19 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-16 23:57 . 2006-02-13 13:05 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-14 12:36 . 2009-08-14 12:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-13 14:28 . 2009-08-13 14:28 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-13 14:00 . 2009-08-13 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-08-13 14:00 . 2008-04-10 19:19 -------- d-----w- c:\program files\Bethesda Softworks
2009-08-13 10:53 . 2009-08-13 10:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ADCC9DAF-34D1-4565-92F1-DDB872DCF596}
2009-08-13 10:51 . 2009-08-13 10:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-08-13 10:38 . 2009-08-13 09:54 4486 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-08-12 05:31 . 2008-04-05 14:38 -------- d-----w- c:\program files\DivX
2009-08-11 11:35 . 2009-07-02 21:45 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-10 08:36 . 2009-08-10 08:36 -------- d-----w- c:\program files\ESET
2009-08-09 04:21 . 2009-08-09 04:21 -------- d-----w- c:\program files\Trend Micro
2009-08-08 16:42 . 2009-08-08 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-08 15:36 . 2008-04-05 14:36 -------- d-----w- c:\program files\Alwil Software
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\program files\AVG
2009-08-08 15:36 . 2009-08-08 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\Matt\Application Data\Simply Super Software
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\Matt\Application Data\AVG8
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-08 15:36 . 2009-02-03 06:36 -------- d-----w- c:\program files\PeerGuardian2
2009-08-08 05:15 . 2009-08-08 05:15 -------- d-----w- c:\documents and settings\Matt\Application Data\SUPERAntiSpyware.com
2009-08-07 19:38 . 2009-08-07 17:06 -------- d-sh--w- c:\documents and settings\All Users\Application Data\f6d0392
2009-08-06 15:59 . 2008-04-17 21:17 -------- d-----w- c:\program files\Ubisoft
2009-08-06 15:58 . 2008-04-28 17:41 -------- d-----w- c:\program files\Activision
2009-08-05 09:11 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 23:21 . 2009-08-02 23:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-17 18:55 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-16_19.00.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\$hf_mig$\KB968389\SP3GDR\wdigest.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 56832 c:\windows\$hf_mig$\KB968389\SP3GDR\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\$hf_mig$\KB968389\SP3GDR\ksecdd.sys
+ 2009-06-25 08:17 . 2009-06-25 08:17 59392 c:\windows\$hf_mig$\KB968389\SP2QFE\wdigest.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 56320 c:\windows\$hf_mig$\KB968389\SP2QFE\secur32.dll
+ 2009-06-22 11:35 . 2009-06-22 11:35 92544 c:\windows\$hf_mig$\KB968389\SP2QFE\ksecdd.sys
+ 2009-08-31 07:42 . 2007-03-06 01:22 22752 c:\windows\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2009-08-31 07:42 . 2007-03-06 01:22 14048 c:\windows\$hf_mig$\KB932823-v3\spmsg.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 07:28 . 2005-09-23 07:28 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5120 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5120 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
- 2008-04-10 20:11 . 2009-08-12 10:22 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-10 20:11 . 2009-09-11 22:05 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-31 07:49 . 2009-03-08 03:35 2048 c:\windows\ie8updates\KB973874-IE8\iecompat.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-06-29 04:51 . 2009-06-29 04:51 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2009-01-07 17:21 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 915456 c:\windows\system32\wininet.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2006-02-28 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 420352 c:\windows\system32\vbscript.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 163908 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvsvc32.exe
+ 2009-09-23 15:26 . 2009-01-15 07:19 458752 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvmccssr.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 188416 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvmccss.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 229376 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvmccs.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 135168 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvcod.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 663552 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvapi.dll
+ 2006-02-28 12:00 . 2009-08-23 10:42 403528 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2009-06-29 04:51 403528 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 168004 c:\windows\system32\nvsvc32.exe
+ 2009-08-17 02:04 . 2009-08-17 02:04 122880 c:\windows\system32\nvrszht.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 122880 c:\windows\system32\nvrszht.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 229376 c:\windows\system32\nvrszhc.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 253952 c:\windows\system32\nvrstr.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 253952 c:\windows\system32\nvrstr.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 253952 c:\windows\system32\nvrsth.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 253952 c:\windows\system32\nvrsth.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 253952 c:\windows\system32\nvrssv.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 253952 c:\windows\system32\nvrssv.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 258048 c:\windows\system32\nvrssl.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 258048 c:\windows\system32\nvrssl.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 258048 c:\windows\system32\nvrssk.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 258048 c:\windows\system32\nvrssk.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 266240 c:\windows\system32\nvrsru.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 266240 c:\windows\system32\nvrsru.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 266240 c:\windows\system32\nvrsptb.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 266240 c:\windows\system32\nvrsptb.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 270336 c:\windows\system32\nvrspt.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 270336 c:\windows\system32\nvrspt.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 253952 c:\windows\system32\nvrspl.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 253952 c:\windows\system32\nvrspl.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 253952 c:\windows\system32\nvrsno.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 253952 c:\windows\system32\nvrsno.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 274432 c:\windows\system32\nvrsnl.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 274432 c:\windows\system32\nvrsnl.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 262144 c:\windows\system32\nvrsko.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 262144 c:\windows\system32\nvrsko.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 270336 c:\windows\system32\nvrsja.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 270336 c:\windows\system32\nvrsja.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 278528 c:\windows\system32\nvrsit.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 278528 c:\windows\system32\nvrsit.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 258048 c:\windows\system32\nvrshu.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 258048 c:\windows\system32\nvrshu.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 331776 c:\windows\system32\nvrshe.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 331776 c:\windows\system32\nvrshe.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 282624 c:\windows\system32\nvrsfr.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 282624 c:\windows\system32\nvrsfr.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 249856 c:\windows\system32\nvrsfi.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 249856 c:\windows\system32\nvrsfi.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 274432 c:\windows\system32\nvrsesm.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 274432 c:\windows\system32\nvrsesm.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 282624 c:\windows\system32\nvrses.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 282624 c:\windows\system32\nvrses.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 245760 c:\windows\system32\nvrseng.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 245760 c:\windows\system32\nvrseng.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 282624 c:\windows\system32\nvrsel.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 282624 c:\windows\system32\nvrsel.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 278528 c:\windows\system32\nvrsde.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 278528 c:\windows\system32\nvrsde.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 253952 c:\windows\system32\nvrsda.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 253952 c:\windows\system32\nvrsda.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 245760 c:\windows\system32\nvrscs.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 245760 c:\windows\system32\nvrscs.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 331776 c:\windows\system32\nvrsar.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 331776 c:\windows\system32\nvrsar.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 458752 c:\windows\system32\nvmccssr.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 458752 c:\windows\system32\nvmccssr.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 188416 c:\windows\system32\nvmccss.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 188416 c:\windows\system32\nvmccss.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 143360 c:\windows\system32\nvcolor.exe
+ 2009-08-17 02:03 . 2009-08-17 02:03 143360 c:\windows\system32\nvcolor.exe
+ 2006-02-28 12:00 . 2009-06-25 08:44 133632 c:\windows\system32\msv1_0.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
+ 2006-02-28 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 03:32 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
+ 2006-02-28 12:00 . 2008-02-26 11:59 294912 c:\windows\system32\msctf.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 150016 c:\windows\system32\mscorier.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 150016 c:\windows\system32\mscorier.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
+ 2006-02-28 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2009-08-19 17:51 . 2009-08-19 17:51 149280 c:\windows\system32\javaws.exe
+ 2009-08-19 17:51 . 2009-08-19 17:51 145184 c:\windows\system32\javaw.exe
+ 2009-08-19 17:51 . 2009-08-19 17:51 145184 c:\windows\system32\java.exe
+ 2009-03-08 03:22 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 03:11 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2006-02-28 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2006-02-28 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2008-04-05 14:00 . 2009-03-08 03:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
- 2008-04-05 14:00 . 2006-02-28 12:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2008-04-05 14:00 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2006-02-28 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2009-08-31 07:48 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-02-28 12:00 . 2008-02-26 11:59 294912 c:\windows\system32\dllcache\msctf.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll
+ 2006-02-28 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-04-05 14:00 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-08-31 07:48 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-08-31 07:49 . 2009-08-07 08:48 100352 c:\windows\system32\dllcache\iecompat.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-02-28 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-02-28 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2009-08-31 07:45 . 2009-08-31 07:39 182480 c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
- 2005-09-23 07:28 . 2005-09-23 07:28 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 107520 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 107520 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 330752 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 330752 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 288768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 288768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 667648 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 667648 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 06:57 . 2005-09-23 06:57 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
- 2005-09-23 07:57 . 2005-09-23 07:57 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 06:01 . 2005-09-23 06:01 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
- 2005-09-23 07:01 . 2005-09-23 07:01 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 788992 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 788992 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 547840 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 547840 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 138240 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 138240 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 183808 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 183808 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2009-09-22 12:54 . 2009-09-22 12:54 761856 c:\windows\Installer\48f292.msi
+ 2008-04-10 20:11 . 2009-09-11 22:05 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-10 20:11 . 2009-08-12 10:22 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-10 20:11 . 2009-09-11 22:05 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-10 20:11 . 2009-08-12 10:22 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-10 20:11 . 2009-09-11 22:05 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-10 20:11 . 2009-08-12 10:22 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-10 20:11 . 2009-09-11 22:05 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-10 20:11 . 2009-08-12 10:22 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-10 20:11 . 2009-08-12 10:22 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-10 20:11 . 2009-09-11 22:05 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-10 20:11 . 2009-08-12 10:22 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-10 20:11 . 2009-09-11 22:05 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-08-31 07:49 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB973874-IE8\spuninst\updspapi.dll
+ 2009-08-31 07:49 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB973874-IE8\spuninst\spuninst.exe
+ 2009-08-31 07:49 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-08-31 07:49 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-08-31 07:49 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-08-31 07:49 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-08-31 07:49 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-08-31 07:49 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-08-31 07:49 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-08-31 07:49 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-08-31 07:49 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-09-11 22:05 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-11 22:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-11 22:05 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-08-31 07:48 . 2009-06-26 16:18 659456 c:\windows\ie8\wininet.dll
+ 2009-08-31 07:48 . 2006-02-28 12:00 276480 c:\windows\ie8\webcheck.dll
+ 2009-08-31 07:48 . 2007-06-26 15:13 851968 c:\windows\ie8\vgx.dll
+ 2009-08-31 07:48 . 2007-12-18 14:40 417792 c:\windows\ie8\vbscript.dll
+ 2009-08-31 07:48 . 2009-06-26 16:18 616448 c:\windows\ie8\urlmon.dll
+ 2009-08-31 07:48 . 2009-01-07 17:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-08-31 07:48 . 2009-01-07 17:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-08-31 07:48 . 2009-06-26 16:18 532480 c:\windows\ie8\mstime.dll
+ 2009-08-31 07:48 . 2009-06-26 16:18 146432 c:\windows\ie8\msrating.dll
+ 2009-08-31 07:48 . 2006-02-28 12:00 146432 c:\windows\ie8\msls31.dll
+ 2009-08-31 07:48 . 2009-06-26 16:18 449024 c:\windows\ie8\mshtmled.dll
+ 2009-08-31 07:48 . 2007-12-18 14:40 450560 c:\windows\ie8\jscript.dll
+ 2009-08-31 07:48 . 2009-06-26 16:18 251392 c:\windows\ie8\iepeers.dll
+ 2009-08-31 07:48 . 2006-02-28 12:00 323584 c:\windows\ie8\iedkcs32.dll
+ 2009-08-31 07:48 . 2006-02-28 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2009-08-31 07:48 . 2006-02-28 12:00 216576 c:\windows\ie8\ieaksie.dll
+ 2009-08-31 07:48 . 2006-02-28 12:00 139264 c:\windows\ie8\ieakeng.dll
+ 2009-08-31 07:48 . 2009-06-26 16:18 205312 c:\windows\ie8\dxtrans.dll
+ 2009-08-31 07:48 . 2009-06-26 16:18 357888 c:\windows\ie8\dxtmsft.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\717578166f93064819015842da681337\System.Web.RegularExpressions.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 684032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\53c73b46e9127702b2acbb8525c04ce1\System.Transactions.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ac8ab1702a67a48b85dac54dfd0b78c2\System.Security.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\d2997e8bc1a8e7f02da937f6444714da\System.EnterpriseServices.Wrapper.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\d2997e8bc1a8e7f02da937f6444714da\System.EnterpriseServices.ni.dll
+ 2009-08-23 10:44 . 2009-08-23 10:44 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\17de4de453477bd46f008842847f148b\System.Drawing.Design.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\689abafe5c6b27819bfcce851bcd3e97\System.DirectoryServices.Protocols.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d91a743e3f595a4a69912fd73a691a6\Microsoft.Build.Utilities.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e64d7ec561073dc0473fbbc98525547b\Microsoft.Build.Engine.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\faa12a85fcbe667516c3244bc6876c24\CustomMarshalers.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 888832 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e015879d44e9c0cf84e9bf08f9dacc67\AspNetMMCExt.ni.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 823296 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 823296 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 577536 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 577536 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 888832 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 888832 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 413696 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 413696 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 482304 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 482304 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-08-31 07:41 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970653-v3$\spuninst\updspapi.dll
+ 2009-08-31 07:41 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe
+ 2009-08-18 07:21 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB968389$\spuninst\updspapi.dll
+ 2009-08-18 07:21 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB968389$\spuninst\spuninst.exe
+ 2009-08-18 07:21 . 2008-12-05 07:12 144896 c:\windows\$NtUninstallKB968389$\schannel.dll
+ 2009-08-18 07:21 . 2006-02-28 12:00 129536 c:\windows\$NtUninstallKB968389$\msv1_0.dll
+ 2009-08-18 07:21 . 2009-02-09 10:20 723456 c:\windows\$NtUninstallKB968389$\lsasrv.dll
+ 2009-08-18 07:21 . 2005-06-15 17:49 295936 c:\windows\$NtUninstallKB968389$\kerberos.dll
+ 2009-08-31 07:42 . 2007-03-06 01:23 371424 c:\windows\$NtUninstallKB932823-v3$\spuninst\updspapi.dll
+ 2009-08-31 07:42 . 2007-03-06 01:22 213216 c:\windows\$NtUninstallKB932823-v3$\spuninst\spuninst.exe
+ 2009-08-31 07:42 . 2006-02-28 12:00 294400 c:\windows\$NtUninstallKB932823-v3$\msctf.dll
+ 2009-08-31 07:49 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973874-IE8\update\updspapi.dll
+ 2009-08-31 07:49 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973874-IE8\update\update.exe
+ 2009-08-31 07:49 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973874-IE8\spuninst.exe
+ 2009-08-31 07:49 . 2009-08-07 08:00 100352 c:\windows\$hf_mig$\KB973874-IE8\SP3QFE\iecompat.dll
+ 2009-08-31 07:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB972260-IE8\update\updspapi.dll
+ 2009-08-31 07:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260-IE8\update\update.exe
+ 2009-08-31 07:49 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB972260-IE8\spuninst.exe
+ 2009-08-31 07:48 . 2009-07-03 17:06 915456 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
+ 2009-08-31 07:48 . 2009-07-03 17:06 206848 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\occache.dll
+ 2009-08-31 07:48 . 2009-07-03 17:06 594432 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\msfeeds.dll
+ 2009-08-31 07:48 . 2009-07-03 17:06 246272 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ieproxy.dll
+ 2009-08-31 07:48 . 2009-07-03 17:06 184320 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iepeers.dll
+ 2009-08-31 07:48 . 2009-07-03 17:06 386048 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iedkcs32.dll
+ 2009-08-31 07:48 . 2009-07-03 11:38 173056 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ie4uinit.exe
+ 2009-08-18 07:21 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB968389\update\updspapi.dll
+ 2009-08-18 07:21 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB968389\update\update.exe
+ 2009-08-18 07:21 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB968389\spuninst.exe
+ 2009-06-25 08:41 . 2009-06-25 08:41 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll
+ 2009-06-26 09:41 . 2009-06-26 09:41 730112 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 147456 c:\windows\$hf_mig$\KB968389\SP3GDR\schannel.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\$hf_mig$\KB968389\SP3GDR\msv1_0.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 730112 c:\windows\$hf_mig$\KB968389\SP3GDR\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\$hf_mig$\KB968389\SP3GDR\kerberos.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 168448 c:\windows\$hf_mig$\KB968389\SP2QFE\schannel.dll
+ 2009-02-06 18:46 . 2009-02-06 18:46 408064 c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 136192 c:\windows\$hf_mig$\KB968389\SP2QFE\msv1_0.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 729600 c:\windows\$hf_mig$\KB968389\SP2QFE\lsasrv.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 301568 c:\windows\$hf_mig$\KB968389\SP2QFE\kerberos.dll
+ 2009-08-31 07:42 . 2007-03-06 01:23 371424 c:\windows\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2009-08-31 07:42 . 2007-03-06 01:22 716000 c:\windows\$hf_mig$\KB932823-v3\update\update.exe
+ 2009-08-31 07:42 . 2007-03-06 01:22 213216 c:\windows\$hf_mig$\KB932823-v3\spuninst.exe
+ 2009-08-31 07:42 . 2008-02-26 11:48 297984 c:\windows\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2006-02-28 12:00 . 2009-05-20 03:56 2458112 c:\windows\system32\WMVCore.dll
- 2006-02-28 12:00 . 2008-06-18 05:03 2458112 c:\windows\system32\WMVCore.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 3026944 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvwssr.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 2744320 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvwss.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 4280320 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvvitvsr.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 3796992 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvvitvs.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 9412608 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvoglnt.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 2854912 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvmoblsr.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 1286144 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvmobls.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 4280320 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvgamesr.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 3489792 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvgames.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 6594560 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvdispsr.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 4710400 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvdisps.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 1560576 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvcuda.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 6301248 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nv4_mini.sys
+ 2009-09-23 15:26 . 2009-01-15 07:19 6168960 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nv4_disp.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 3170304 c:\windows\system32\nvwss.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 4616192 c:\windows\system32\nvvitvsr.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 4026368 c:\windows\system32\nvvitvs.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 2854912 c:\windows\system32\nvmoblsr.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 2854912 c:\windows\system32\nvmoblsr.dll
- 2009-01-15 07:19 . 2009-01-15 07:19 1286144 c:\windows\system32\nvmobls.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 1286144 c:\windows\system32\nvmobls.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 4640768 c:\windows\system32\nvgamesr.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 3547136 c:\windows\system32\nvgames.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 8085504 c:\windows\system32\nvdispsr.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 4923392 c:\windows\system32\nvdisps.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 2505248 c:\windows\system32\nvcpluir.dll
+ 2009-08-17 02:04 . 2009-08-17 02:04 2173472 c:\windows\system32\nvcplui.exe
+ 2006-02-28 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2009-03-08 03:32 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2009-02-06 20:07 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2006-02-28 12:00 . 2009-05-20 03:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
- 2006-02-28 12:00 . 2008-06-18 05:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2007-10-18 22:10 . 2007-10-18 22:10 2908160 c:\windows\system32\dllcache\shock2.exe
+ 2009-07-02 21:15 . 2009-08-16 23:57 7729568 c:\windows\system32\dllcache\nv4_mini.sys
+ 2006-02-28 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-08-31 07:48 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-30 17:01 . 2008-07-12 07:18 3851784 c:\windows\system32\D3DX9_39.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 1144832 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 1144832 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2009-08-19 17:51 . 2009-08-19 17:51 1757696 c:\windows\Installer\eb0e.msi
+ 2009-08-25 13:57 . 2009-08-25 13:57 5518336 c:\windows\Installer\4036b.msp
+ 2009-09-23 15:26 . 2009-09-23 15:26 1500160 c:\windows\Installer\33837c.msi
+ 2009-08-31 07:49 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-08-31 07:49 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-08-31 07:49 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-08-31 07:48 . 2009-07-18 16:20 3062272 c:\windows\ie8\mshtml.dll
+ 2009-08-23 10:44 . 2009-08-23 10:44 8130560 c:\windows\assembly\NativeImages_v2.0.50727_32\System\36c5c59f61f8f5e7f1bd2327b5322090\System.ni.dll
+ 2009-08-23 10:44 . 2009-08-23 10:44 5623808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f3b6a5b689fd89a74926fd36980402f9\System.Xml.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 1941504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\4753858274d7b56a9988beae478eef26\System.Web.Services.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 2306048 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\6a3cb997962dfbe78f23861bf0db132b\System.Web.Mobile.ni.dll
+ 2009-08-23 10:44 . 2009-08-23 10:44 1601536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1fdbd54ceca94c3cc131e16023e81424\System.Drawing.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 1216512 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c84d248bbfe77126d82cca64a504fcf3\System.DirectoryServices.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 1724416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c420f0449ccd02d5b1e5fcead63b380\System.Deployment.ni.dll
+ 2009-08-23 10:44 . 2009-08-23 10:44 6676480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\8af9ed7faf767e73e48961e286f00081\System.Data.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 1003520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\257cac40e50eb37d54c4112581a3d0f5\System.Configuration.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 1720320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\07e5a32a3ed4ebc249c87164541ce5b1\Microsoft.VisualBasic.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 1687552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a546bed154f01ce853c37dcd5f93d86f\Microsoft.Build.Tasks.ni.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 2940928 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 2940928 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 2027520 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 2027520 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 5152768 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 5152768 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 5001216 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 5001216 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 5156864 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 5156864 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 2902016 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 2902016 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-06-29 04:51 . 2009-06-29 04:51 4308992 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-08-23 10:42 . 2009-08-23 10:42 4308992 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-22 12:28 . 2009-09-22 12:28 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-13 13:59 . 2009-08-13 13:59 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-31 07:48 . 2009-07-03 17:06 1208832 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\urlmon.dll
+ 2009-08-31 07:48 . 2009-07-19 13:17 5938176 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
+ 2009-08-31 07:48 . 2009-07-03 17:06 1985536 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iertutil.dll
+ 2009-09-23 15:26 . 2009-01-15 07:19 13680640 c:\windows\system32\ReinstallBackups\0019\DriverFiles\nvcpl.dll
+ 2009-08-17 02:03 . 2009-08-17 02:03 13877248 c:\windows\system32\nvcpl.dll
+ 2008-06-06 14:36 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2009-03-08 03:39 . 2009-07-19 17:48 11067392 c:\windows\system32\ieframe.dll
+ 2009-08-31 07:48 . 2009-07-19 17:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2005-09-23 06:48 . 2005-09-23 06:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
- 2005-09-23 07:48 . 2005-09-23 07:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2009-08-31 07:49 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
+ 2009-08-23 10:44 . 2009-08-23 10:44 13107200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\dd1d12a54b090d3118953c5240b2169c\System.Windows.Forms.ni.dll
+ 2009-08-24 15:31 . 2009-08-24 15:31 12185600 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\8b327213b65eb885db0e4187f6d9f51a\System.Web.ni.dll
+ 2009-08-23 10:44 . 2009-08-23 10:44 10702848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\908fc79d949543cc7a61649a0ae2ca75\System.Design.ni.dll
+ 2009-08-23 10:43 . 2009-08-23 10:43 11304960 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\28346b949c01a9329fafcf4d6b715045\mscorlib.ni.dll
+ 2009-08-31 07:48 . 2009-07-19 13:17 11068416 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-20 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Matt\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-10-19 303104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-25 07:41 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^forteManager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\forteManager.lnk
backup=c:\windows\pss\forteManager.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTRegRun"=c:\windows\CTRegRun.EXE
"Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"nwiz"=nwiz.exe /install
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mattkelly73\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7200:TCP"= 7200:TCP:BitComet 7200 TCP
"7200:UDP"= 7200:UDP:BitComet 7200 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/08/2009 10:12 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/08/2009 10:12 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [22/03/2009 22:02 598856]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 12:42 64000]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [26/02/2009 16:52 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [26/02/2009 16:52 13312]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [06/06/2008 21:02 17536]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53]

2009-10-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 18:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1482476501-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:87,d0,66,67,da,14,d8,8b,9f,6b,ae,45,34,25,4d,7a,15,f1,44,64,70,d4,73,
95,d8,97,16,e6,5d,5e,8b,e4,2f,fc,4e,ed,f0,90,7d,68,10,3c,ff,0b,79,39,85,ec,\
"??"=hex:4e,c1,94,83,b4,96,3d,53,23,ec,98,6c,93,a5,8e,69

[HKEY_USERS\S-1-5-21-436374069-1482476501-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:38,7a,af,fc,1c,07,b1,7f,65,94,37,78,2b,65,d7,4c,8c,42,26,30,eb,
d6,29,72,4c,4b,22,78,bb,f5,35,54,72,1e,a2,7e,19,e5,ff,ac,64,cd,3d,61,e3,5d,\
"rkeysecu"=hex:ba,01,fb,d0,7a,ad,6b,5d,75,0f,8c,64,5e,9e,47,3d

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2009-10-03 18:51
ComboFix-quarantined-files.txt 2009-10-03 17:51
ComboFix2.txt 2009-08-19 09:33
ComboFix3.txt 2009-08-19 09:17
ComboFix4.txt 2009-08-18 07:29
ComboFix5.txt 2009-10-03 17:44

Pre-Run: 362,007,711,744 bytes free
Post-Run: 361,978,695,680 bytes free

1160 --- E O F --- 2009-09-28 23:35



#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 October 2009 - 10:47 AM

Hello mattskelly,

We will be using Combofix again, but will run it differently.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • In the run box type notepad
  • Click OK
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and Paste all of the text in the code box below into the Notepad, (including the URL). Do Not copy the word CODE

http://forums.whatthetech.com/trojan_infection_repeat_antivirus_pro_infections_t107248.html

Collect::
c:\windows\sekoxolofi.dat
C:\rlswn.exe
c:\program files\Common Files\hodijik.dat
c:\windows\afagy.dat
c:\documents and settings\Matt\Local Settings\Application Data\ufaxi.dat
c:\program files\Common Files\taxifenaw._sy
c:\program files\Common Files\uvos.db
c:\documents and settings\Matt\Application Data\uqehe.dat
c:\program files\Common Files\avamih.db
c:\windows\system32\_r_a_p_.tmp

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**

Posted Image

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
- - - - - Next - - - - -

Please run a new scan with Malwarebytes'
  • Check for the latest updates
  • After updates have been installed select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. << Don't forget this!
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    (The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.)
  • Copy and Paste the entire report in your next reply.
- - - - - Next - - - - -

On your next post please provide the following:
  • ComboFix log
  • MBAM log
  • Tell me how your computer is running at the moment.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
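
Added example (not part of the original posts, and not ComboFix's own code): a small checker that compares the `Collect::` list from the CFScript above with the "file zipped:" lines and the "Other Deletions" section of the ComboFix log posted in reply, so a leftover file is caught mechanically. The function names are hypothetical, the parser assumes only the log layout visible in this thread, and `LOG_MISSING` is a constructed variant used to show the failure case.

```python
import re

# CFScript text as given in the post above.
CFSCRIPT = r"""http://forums.whatthetech.com/trojan_infection_repeat_antivirus_pro_infections_t107248.html

Collect::
c:\windows\sekoxolofi.dat
C:\rlswn.exe
c:\program files\Common Files\hodijik.dat
c:\windows\afagy.dat
c:\documents and settings\Matt\Local Settings\Application Data\ufaxi.dat
c:\program files\Common Files\taxifenaw._sy
c:\program files\Common Files\uvos.db
c:\documents and settings\Matt\Application Data\uqehe.dat
c:\program files\Common Files\avamih.db
c:\windows\system32\_r_a_p_.tmp
"""

# Excerpt of the ComboFix log posted in reply on this page.
LOG = r"""file zipped: c:\documents and settings\Matt\Application Data\uqehe.dat
file zipped: c:\documents and settings\Matt\Local Settings\Application Data\ufaxi.dat
file zipped: c:\program files\Common Files\avamih.db
file zipped: c:\program files\Common Files\hodijik.dat
file zipped: c:\program files\Common Files\taxifenaw._sy
file zipped: c:\program files\Common Files\uvos.db
file zipped: C:\rlswn.exe
file zipped: c:\windows\afagy.dat
file zipped: c:\windows\sekoxolofi.dat
file zipped: c:\windows\system32\_r_a_p_.tmp
.

((((((((((((((( Other Deletions )))))))))))))))
.

c:\documents and settings\Matt\Application Data\uqehe.dat
c:\documents and settings\Matt\Local Settings\Application Data\ufaxi.dat
c:\program files\Common Files\avamih.db
c:\program files\Common Files\hodijik.dat
c:\program files\Common Files\taxifenaw._sy
c:\program files\Common Files\uvos.db
C:\rlswn.exe
c:\windows\afagy.dat
c:\windows\sekoxolofi.dat
c:\windows\system32\_r_a_p_.tmp

.
((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))
.

2009-10-03 18:23 . 2007-02-27 01:15 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
"""

# Constructed variant: the same log with one "file zipped:" line missing.
LOG_MISSING = LOG.replace("file zipped: C:\\rlswn.exe\n", "")

DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)::$")       # e.g. "Collect::"
BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")   # "((((( Title )))))"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().lower()


def parse_collect(script):
    """Return the paths listed under Collect:: (assumption: any 'Name::' line starts a new block)."""
    paths, active = [], False
    for raw in script.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            active = m.group(1).lower() == "collect"
        elif active and line:
            paths.append(line)
    return paths


def parse_log(log):
    """Return (zipped, deleted) sets of normalised paths found in the log."""
    zipped, deleted, section = set(), set(), None
    for raw in log.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            section = m.group(1).lower()
        elif line.lower().startswith("file zipped:"):
            zipped.add(norm(line.split(":", 1)[1]))
        elif section == "other deletions" and DRIVE_PATH.match(line):
            deleted.add(norm(line))
    return zipped, deleted


def unresolved(script, log):
    """Paths requested in the script that the log does not show as both zipped and deleted."""
    zipped, deleted = parse_log(log)
    return [p for p in parse_collect(script)
            if norm(p) not in zipped or norm(p) not in deleted]


if __name__ == "__main__":
    print("complete log   ->", unresolved(CFSCRIPT, LOG))
    print("constructed gap ->", unresolved(CFSCRIPT, LOG_MISSING))
```
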










#12 mattskelly

mattskelly

    Authentic Member

  • Authentic Member
  • 32 posts

Posted 05 October 2009 - 03:17 AM

hi ocd
combofix log :
ComboFix 09-10-01.05 - Matt 05/10/2009 10:02.6.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1508 [GMT 1:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matt\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091004-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Windows System Suite *enabled* {D12A226B-5606-4D63-98D3-E67D0D8A3D33}

file zipped: c:\documents and settings\Matt\Application Data\uqehe.dat
file zipped: c:\documents and settings\Matt\Local Settings\Application Data\ufaxi.dat
file zipped: c:\program files\Common Files\avamih.db
file zipped: c:\program files\Common Files\hodijik.dat
file zipped: c:\program files\Common Files\taxifenaw._sy
file zipped: c:\program files\Common Files\uvos.db
file zipped: C:\rlswn.exe
file zipped: c:\windows\afagy.dat
file zipped: c:\windows\sekoxolofi.dat
file zipped: c:\windows\system32\_r_a_p_.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matt\Application Data\uqehe.dat
c:\documents and settings\Matt\Local Settings\Application Data\ufaxi.dat
c:\program files\Common Files\avamih.db
c:\program files\Common Files\hodijik.dat
c:\program files\Common Files\taxifenaw._sy
c:\program files\Common Files\uvos.db
C:\rlswn.exe
c:\windows\afagy.dat
c:\windows\sekoxolofi.dat
c:\windows\system32\_r_a_p_.tmp

.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-03 18:23 . 2007-02-27 01:15 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2009-10-03 18:23 . 2007-02-27 01:15 1421216 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll
2009-10-03 18:23 . 2009-10-03 18:23 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-10-03 17:49 . 2006-02-28 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-03 17:49 . 2006-02-28 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-03 17:27 . 2009-10-03 17:28 -------- d-----w- C:\ComboFull1
2009-10-03 16:06 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 07:36 . 2009-10-02 07:36 -------- d-----w- c:\program files\CAPCOM
2009-09-30 22:06 . 2009-09-30 22:06 -------- d-----w- C:\xGAMESx
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\HeadOverHeels
2009-09-30 15:34 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-09-28 07:39 . 2009-09-28 07:39 -------- d-----w- C:\ie-spyad
2009-09-28 07:37 . 2009-09-29 08:06 -------- d-----w- c:\program files\SpywareGuard
2009-09-28 07:31 . 2009-10-04 01:36 -------- d-----w- c:\program files\SpywareBlaster
2009-09-23 15:26 . 2009-09-23 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-22 12:54 . 2009-09-22 13:34 -------- d-----w- c:\documents and settings\Matt\Application Data\Smart S.T.A.L.K.E.R. Mod Manager
2009-09-22 12:54 . 2009-09-22 13:34 -------- d-----w- c:\program files\Smart Mod Manager
2009-09-22 12:19 . 2009-09-28 10:35 -------- d-----w- c:\program files\THQ
2009-09-12 18:11 . 2009-09-30 20:48 -------- d-----w- C:\Sshock2
2009-09-08 19:02 . 2009-09-08 19:02 576 ----a-w- c:\windows\eReg.dat
2009-09-08 19:00 . 2009-09-08 19:02 -------- d-----w- c:\program files\Clive Barker's Undying

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 01:37 . 2009-08-08 15:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-03 18:25 . 2009-10-03 18:25 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-10-03 18:25 . 2009-10-03 18:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-10-02 07:36 . 2008-04-05 14:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-28 12:53 . 2009-08-09 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-28 07:46 . 2009-08-09 05:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-25 07:41 . 2009-08-08 05:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-24 08:28 . 2009-06-06 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 15:26 . 2008-04-05 14:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-23 15:26 . 2009-07-03 07:32 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-23 15:26 . 2009-07-04 14:43 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-20 10:59 . 2008-06-04 19:14 -------- d-----w- c:\program files\Steam
2009-09-10 13:54 . 2009-06-06 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-06-06 20:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 19:58 . 2009-08-30 19:33 -------- d-----w- c:\program files\Mass Effect
2009-08-30 19:58 . 2009-08-30 19:46 -------- d-----w- c:\program files\Common Files\BioWare
2009-08-30 17:06 . 2009-08-30 17:06 -------- d-----w- c:\documents and settings\Matt\Application Data\FUEL Demo
2009-08-19 17:51 . 2009-05-08 12:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-18 13:29 . 2008-06-04 19:02 -------- d-----w- c:\documents and settings\Matt\Application Data\Bioshock
2009-08-17 16:10 . 2009-08-08 09:12 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-08 09:12 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-08 09:12 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-08 09:12 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-08 09:12 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-08 09:12 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-08 09:12 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-08 09:12 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-08 09:12 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 02:03 . 2009-08-17 02:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 02:02 . 2009-08-17 02:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 23:57 . 2009-07-02 21:54 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 23:57 . 2009-07-02 21:15 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 23:57 . 2009-04-30 21:02 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 23:57 . 2009-04-30 21:02 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 23:57 . 2009-04-30 21:02 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 23:57 . 2009-01-15 07:19 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 23:57 . 2009-01-15 07:19 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 23:57 . 2009-01-15 07:19 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 23:57 . 2009-01-15 07:19 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 23:57 . 2009-01-15 07:19 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-16 23:57 . 2006-02-13 13:05 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-14 12:36 . 2009-08-14 12:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-13 14:28 . 2009-08-13 14:28 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-13 14:00 . 2009-08-13 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-08-13 14:00 . 2008-04-10 19:19 -------- d-----w- c:\program files\Bethesda Softworks
2009-08-13 10:53 . 2009-08-13 10:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ADCC9DAF-34D1-4565-92F1-DDB872DCF596}
2009-08-13 10:51 . 2009-08-13 10:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-08-13 10:38 . 2009-08-13 09:54 4486 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-08-12 05:31 . 2008-04-05 14:38 -------- d-----w- c:\program files\DivX
2009-08-11 11:35 . 2009-07-02 21:45 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-10 08:36 . 2009-08-10 08:36 -------- d-----w- c:\program files\ESET
2009-08-09 04:21 . 2009-08-09 04:21 -------- d-----w- c:\program files\Trend Micro
2009-08-08 16:42 . 2009-08-08 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-08 15:36 . 2008-04-05 14:36 -------- d-----w- c:\program files\Alwil Software
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\program files\AVG
2009-08-08 15:36 . 2009-08-08 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\Matt\Application Data\Simply Super Software
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\Matt\Application Data\AVG8
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-08 15:36 . 2009-02-03 06:36 -------- d-----w- c:\program files\PeerGuardian2
2009-08-08 05:15 . 2009-08-08 05:15 -------- d-----w- c:\documents and settings\Matt\Application Data\SUPERAntiSpyware.com
2009-08-07 19:38 . 2009-08-07 17:06 -------- d-sh--w- c:\documents and settings\All Users\Application Data\f6d0392
2009-08-06 15:59 . 2008-04-17 21:17 -------- d-----w- c:\program files\Ubisoft
2009-08-06 15:58 . 2008-04-28 17:41 -------- d-----w- c:\program files\Activision
2009-08-05 09:11 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 23:21 . 2009-08-02 23:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-17 18:55 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-03_17.49.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-05 07:41 . 2009-10-05 07:41 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2009-10-05 07:41 . 2009-10-05 07:41 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat
+ 2009-10-03 18:23 . 2007-02-27 01:15 61984 c:\windows\system32\DRVSTORE\xusb21_AFEEC82A73A104AF5C6EBFCDA2E66AEC9AB09C1B\x86\xusb21.sys
+ 2006-04-19 23:44 . 2006-04-19 23:44 30688 c:\windows\system32\drivers\wdfldr.sys
+ 2009-10-03 18:23 . 2009-10-03 18:23 25214 c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\Checker.exe
+ 2006-04-19 23:44 . 2006-04-19 23:44 479200 c:\windows\system32\drivers\wdf01000.sys
+ 2009-10-03 18:23 . 2009-10-03 18:23 439926 c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\XBoxStat.exe
+ 2009-10-03 18:23 . 2007-02-27 01:15 1421216 c:\windows\system32\DRVSTORE\xusb21_AFEEC82A73A104AF5C6EBFCDA2E66AEC9AB09C1B\x86\wdfcoinstaller01001.dll
+ 2009-10-03 18:23 . 2009-10-03 18:23 1181184 c:\windows\Installer\2245b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-20 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Matt\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-10-19 303104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-25 07:41 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^forteManager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\forteManager.lnk
backup=c:\windows\pss\forteManager.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTRegRun"=c:\windows\CTRegRun.EXE
"Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"nwiz"=nwiz.exe /install
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mattkelly73\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7200:TCP"= 7200:TCP:BitComet 7200 TCP
"7200:UDP"= 7200:UDP:BitComet 7200 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/08/2009 10:12 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/08/2009 10:12 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [22/03/2009 22:02 598856]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 12:42 64000]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [26/02/2009 16:52 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [26/02/2009 16:52 13312]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [06/06/2008 21:02 17536]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53]

2009-10-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 10:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1482476501-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,0e,61,7f,aa,2a,02,62,75,97,2e,58,d2,2f,fc,b4,f5,32,1c,2b,c1,32,6c,
dc,9f,05,5b,23,d2,9b,42,64,3e,16,c5,00,8b,bf,d1,aa,2f,a5,15,2a,b3,ff,21,ce,\
"??"=hex:35,e6,87,bd,3c,08,bb,8f,b9,fd,d8,84,33,c0,3c,93

[HKEY_USERS\S-1-5-21-436374069-1482476501-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:91,ad,1e,82,92,6d,f6,8b,ad,bf,e9,19,5f,bd,5d,d6,8e,11,45,25,ae,
f2,d9,a3,3d,b2,21,2d,6a,df,0e,b9,7d,b6,5b,db,b8,32,7d,1f,b7,46,5a,0d,22,16,\
"rkeysecu"=hex:29,d8,71,29,2c,8e,53,b8,20,13,e5,de,51,d1,f7,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2009-10-05 10:10
ComboFix-quarantined-files.txt 2009-10-05 09:10
ComboFix2.txt 2009-10-03 17:51
ComboFix3.txt 2009-08-19 09:33
ComboFix4.txt 2009-08-19 09:17
ComboFix5.txt 2009-10-05 09:01

Pre-Run: 358,611,320,832 bytes free
Post-Run: 358,572,298,240 bytes free

307 --- E O F --- 2009-09-28 23:35
Upload was successful



and updated malwarebytes log

Malwarebytes' Anti-Malware 1.41
Database version: 2908
Windows 5.1.2600 Service Pack 2

05/10/2009 10:15:30
mbam-log-2009-10-05 (10-15-30).txt

Scan type: Quick Scan
Objects scanned: 92261
Time elapsed: 1 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


pc seems to be running fine.
thanks
matts

#13 OCD

SuperHelper • Malware Team • 5,574 posts

Posted 06 October 2009 - 12:43 AM

Hi mattskelly,

Please go to Start Menu > Control Panel > Add/ Remove Programs
Scroll Down and locate the following programs:
  • Windows System Suite
Select the program, then select remove.
(if the program is not listed don't be alarmed, just continue)

Exit the Control Panel when finished.

- - - - - Next - - - - -

We will be using Combofix again, but will run it differently.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click Run
  • In the run box type notepad
  • Click OK
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and Paste all of the text in the code box below into the Notepad, (including the URL). Do Not copy the word CODE

SecCenter::
{D12A226B-5606-4D63-98D3-E67D0D8A3D33}

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**

Posted Image

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

- - - - - Next - - - - -

Run the following scan: Eset Online Scanner
(you will need Internet Explorer to run this scan)
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
- - - - - Next - - - - -

On your next post please provide the following:
  • ComboFix.txt
  • ESET log.txt
  • How is your computer running at the moment?

OCD



#14 mattskelly

Authentic Member • 32 posts

Posted 07 October 2009 - 05:51 AM

hi ocd
here are requested logs

combo fix:

ComboFix 09-10-01.05 - Matt 07/10/2009 11:27.7.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1544 [GMT 1:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matt\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091006-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-03 18:23 . 2007-02-27 01:15 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2009-10-03 18:23 . 2007-02-27 01:15 1421216 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll
2009-10-03 18:23 . 2009-10-03 18:23 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-10-03 17:49 . 2006-02-28 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-03 17:49 . 2006-02-28 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-03 17:27 . 2009-10-03 17:28 -------- d-----w- C:\ComboFull1
2009-10-03 16:06 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 07:36 . 2009-10-02 07:36 -------- d-----w- c:\program files\CAPCOM
2009-09-30 22:06 . 2009-09-30 22:06 -------- d-----w- C:\xGAMESx
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\HeadOverHeels
2009-09-30 15:34 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-09-28 07:39 . 2009-09-28 07:39 -------- d-----w- C:\ie-spyad
2009-09-28 07:37 . 2009-09-29 08:06 -------- d-----w- c:\program files\SpywareGuard
2009-09-28 07:31 . 2009-10-04 01:36 -------- d-----w- c:\program files\SpywareBlaster
2009-09-23 15:26 . 2009-09-23 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-22 12:54 . 2009-09-22 13:34 -------- d-----w- c:\documents and settings\Matt\Application Data\Smart S.T.A.L.K.E.R. Mod Manager
2009-09-22 12:54 . 2009-09-22 13:34 -------- d-----w- c:\program files\Smart Mod Manager
2009-09-22 12:19 . 2009-09-28 10:35 -------- d-----w- c:\program files\THQ
2009-09-12 18:11 . 2009-09-30 20:48 -------- d-----w- C:\Sshock2
2009-09-08 19:02 . 2009-09-08 19:02 576 ----a-w- c:\windows\eReg.dat
2009-09-08 19:00 . 2009-09-08 19:02 -------- d-----w- c:\program files\Clive Barker's Undying

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 12:04 . 2009-08-08 15:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-03 18:25 . 2009-10-03 18:25 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-10-03 18:25 . 2009-10-03 18:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-10-02 07:36 . 2008-04-05 14:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-28 12:53 . 2009-08-09 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-28 07:46 . 2009-08-09 05:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-25 07:41 . 2009-08-08 05:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-24 08:28 . 2009-06-06 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 15:26 . 2008-04-05 14:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-23 15:26 . 2009-07-03 07:32 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-23 15:26 . 2009-07-04 14:43 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-20 10:59 . 2008-06-04 19:14 -------- d-----w- c:\program files\Steam
2009-09-10 13:54 . 2009-06-06 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-06-06 20:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 19:58 . 2009-08-30 19:33 -------- d-----w- c:\program files\Mass Effect
2009-08-30 19:58 . 2009-08-30 19:46 -------- d-----w- c:\program files\Common Files\BioWare
2009-08-30 17:06 . 2009-08-30 17:06 -------- d-----w- c:\documents and settings\Matt\Application Data\FUEL Demo
2009-08-19 17:51 . 2009-05-08 12:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-18 13:29 . 2008-06-04 19:02 -------- d-----w- c:\documents and settings\Matt\Application Data\Bioshock
2009-08-17 16:10 . 2009-08-08 09:12 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-08 09:12 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-08 09:12 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-08 09:12 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-08 09:12 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-08 09:12 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-08 09:12 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-08 09:12 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-08 09:12 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 02:03 . 2009-08-17 02:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 02:02 . 2009-08-17 02:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 23:57 . 2009-07-02 21:54 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 23:57 . 2009-07-02 21:15 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 23:57 . 2009-04-30 21:02 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 23:57 . 2009-04-30 21:02 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 23:57 . 2009-04-30 21:02 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 23:57 . 2009-01-15 07:19 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 23:57 . 2009-01-15 07:19 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 23:57 . 2009-01-15 07:19 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 23:57 . 2009-01-15 07:19 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 23:57 . 2009-01-15 07:19 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-16 23:57 . 2006-02-13 13:05 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-14 12:36 . 2009-08-14 12:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-13 14:28 . 2009-08-13 14:28 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-13 14:00 . 2009-08-13 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-08-13 14:00 . 2008-04-10 19:19 -------- d-----w- c:\program files\Bethesda Softworks
2009-08-13 10:53 . 2009-08-13 10:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ADCC9DAF-34D1-4565-92F1-DDB872DCF596}
2009-08-13 10:51 . 2009-08-13 10:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-08-13 10:38 . 2009-08-13 09:54 4486 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-08-12 05:31 . 2008-04-05 14:38 -------- d-----w- c:\program files\DivX
2009-08-11 11:35 . 2009-07-02 21:45 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-10 08:36 . 2009-08-10 08:36 -------- d-----w- c:\program files\ESET
2009-08-09 04:21 . 2009-08-09 04:21 -------- d-----w- c:\program files\Trend Micro
2009-08-08 16:42 . 2009-08-08 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-08 15:36 . 2008-04-05 14:36 -------- d-----w- c:\program files\Alwil Software
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\program files\AVG
2009-08-08 15:36 . 2009-08-08 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\Matt\Application Data\Simply Super Software
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\Matt\Application Data\AVG8
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-08 15:36 . 2009-08-08 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-08 15:36 . 2009-02-03 06:36 -------- d-----w- c:\program files\PeerGuardian2
2009-08-05 09:11 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 23:21 . 2009-08-02 23:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-17 18:55 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-03_17.49.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-07 09:11 . 2009-10-07 09:11 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat
+ 2009-10-07 09:11 . 2009-10-07 09:11 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
+ 2009-10-03 18:23 . 2007-02-27 01:15 61984 c:\windows\system32\DRVSTORE\xusb21_AFEEC82A73A104AF5C6EBFCDA2E66AEC9AB09C1B\x86\xusb21.sys
+ 2006-04-19 23:44 . 2006-04-19 23:44 30688 c:\windows\system32\drivers\wdfldr.sys
+ 2009-10-03 18:23 . 2009-10-03 18:23 25214 c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\Checker.exe
+ 2006-04-19 23:44 . 2006-04-19 23:44 479200 c:\windows\system32\drivers\wdf01000.sys
+ 2009-10-03 18:23 . 2009-10-03 18:23 439926 c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\XBoxStat.exe
+ 2009-10-03 18:23 . 2007-02-27 01:15 1421216 c:\windows\system32\DRVSTORE\xusb21_AFEEC82A73A104AF5C6EBFCDA2E66AEC9AB09C1B\x86\wdfcoinstaller01001.dll
+ 2009-10-03 18:23 . 2009-10-03 18:23 1181184 c:\windows\Installer\2245b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-20 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Matt\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-10-19 303104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-25 07:41 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^forteManager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\forteManager.lnk
backup=c:\windows\pss\forteManager.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTRegRun"=c:\windows\CTRegRun.EXE
"Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"nwiz"=nwiz.exe /install
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mattkelly73\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7200:TCP"= 7200:TCP:BitComet 7200 TCP
"7200:UDP"= 7200:UDP:BitComet 7200 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/08/2009 10:12 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/08/2009 10:12 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [22/03/2009 22:02 598856]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 12:42 64000]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [26/02/2009 16:52 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [26/02/2009 16:52 13312]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [06/06/2008 21:02 17536]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53]

2009-10-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 11:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1482476501-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7d,cc,44,44,ca,f8,ed,ed,75,54,91,ef,7b,5f,59,b1,97,fb,5a,75,64,57,35,
e0,68,73,d1,e8,2d,79,95,17,01,68,4d,89,79,cc,c4,33,f1,ff,7c,0f,fa,a2,dd,33,\
"??"=hex:37,51,bc,44,85,a4,53,13,96,35,93,bc,a7,20,ba,cf

[HKEY_USERS\S-1-5-21-436374069-1482476501-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:91,ad,1e,82,92,6d,f6,8b,ad,bf,e9,19,5f,bd,5d,d6,8e,11,45,25,ae,
f2,d9,a3,3d,b2,21,2d,6a,df,0e,b9,7d,b6,5b,db,b8,32,7d,1f,b7,46,5a,0d,22,16,\
"rkeysecu"=hex:29,d8,71,29,2c,8e,53,b8,20,13,e5,de,51,d1,f7,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3748)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-07 11:34
ComboFix-quarantined-files.txt 2009-10-07 10:34
ComboFix2.txt 2009-10-05 09:11
ComboFix3.txt 2009-10-03 17:51
ComboFix4.txt 2009-08-19 09:33
ComboFix5.txt 2009-10-07 10:25

Pre-Run: 359,213,821,952 bytes free
Post-Run: 359,185,199,104 bytes free

286 --- E O F --- 2009-10-06 07:26



eset online scan:
esets_scanner_update returned -1 esets_gle=53251
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=cb5885f421d9d0438cb5f925f3a1c533
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-07 11:17:08
# local_time=2009-10-07 12:17:08 (+0000, GMT Daylight Time)
# country="Ireland"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=769 37 100 100 75123281250
# compatibility_mode=5889 61 66 100 793718387187500
# scanned=10308
# found=0
# cleaned=0
# scan_time=170
esets_scanner_update returned -1 esets_gle=53251
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=cb5885f421d9d0438cb5f925f3a1c533
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-07 11:44:23
# local_time=2009-10-07 12:44:23 (+0000, GMT Daylight Time)
# country="Ireland"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=769 37 100 100 91475781250
# compatibility_mode=5889 61 66 100 793734739687500
# scanned=122501
# found=10
# cleaned=0
# scan_time=1590
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir a variant of Win32/Kryptik.APO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP26\A0006516.exe a variant of Win32/Kryptik.APP trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP27\A0008783.sys a variant of Win32/Olmarik.MY trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP28\A0008853.exe a variant of Win32/Kryptik.APO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP28\A0008863.exe a variant of Win32/Kryptik.APO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP28\A0008919.exe a variant of Win32/Kryptik.APO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP28\A0009909.exe a variant of Win32/Kryptik.APO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP28\A0009911.exe a variant of Win32/Kryptik.APO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP28\A0009914.exe Win32/TrojanDownloader.Bredolab.AA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP37\A0010507.exe a variant of Win32/Kryptik.APO trojan 00000000000000000000000000000000 I



Could not find window system suite in Add/Remove Programs.
PC seems to be running fine.

FYI: the window system suite was the initial infection that I had fixed here before this problem. Here is the associated thread: http://forums.whatth...=30#entry589805.

Thanks OCD.
Matt.
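
Added example (not part of the post above, and not ESET's or ComboFix's own code): the detection lines of the log sorted by where each file sits on disk, which separates copies held in a quarantine folder or a System Restore point from files in live locations. The category names and the one constructed "live" line are assumptions made for the illustration; the trailing fields of each log line are matched but not interpreted.

```python
import re
from collections import Counter

# Three of the ten detection lines from the scan log above, copied verbatim.
LOG_FROM_POST = r"""# found=10
# cleaned=0
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir a variant of Win32/Kryptik.APO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP27\A0008783.sys a variant of Win32/Olmarik.MY trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3E894255-E391-4DFD-B4C2-0C39833F0E22}\RP28\A0009914.exe Win32/TrojanDownloader.Bredolab.AA trojan 00000000000000000000000000000000 I
"""
# Constructed line (not from the thread) showing a detection in a live location.
CONSTRUCTED_LIVE = r"C:\WINDOWS\system32\example.dll a variant of Win32/Kryptik.APO trojan 00000000000000000000000000000000 I" + "\n"

# Path, optional "a variant of", detection name, then three trailing fields left uninterpreted.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?(?P<name>\S+/\S+)\s+\S+\s+[0-9A-Fa-f]{32}\s+\S+$"
)

def locate(path):
    """Classify a detected path by where the file sits on disk."""
    p = path.lower()
    if re.match(r"[a-z]:\\qoobox\\quarantine\\", p):
        return "quarantine"       # copy held in ComboFix's quarantine folder
    if "\\system volume information\\_restore{" in p:
        return "restore_point"    # old copy stored inside a System Restore point
    return "live"                 # anywhere else: still on the working file system

def triage(log_text):
    """Return (header dict, list of (location, detection name, path))."""
    header, hits = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
        else:
            m = DETECTION.match(line)
            if m:
                hits.append((locate(m["path"]), m["name"], m["path"]))
    return header, hits

def needs_action(log_text):
    """Detections that sit outside quarantine and restore points."""
    return [h for h in triage(log_text)[1] if h[0] == "live"]

if __name__ == "__main__":
    header, hits = triage(LOG_FROM_POST + CONSTRUCTED_LIVE)
    print(header.get("found"), Counter(loc for loc, _, _ in hits))
    print(needs_action(LOG_FROM_POST + CONSTRUCTED_LIVE))
```

On the lines taken from the thread, `needs_action` returns an empty list; only the constructed line is reported as live.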

#15 OCD

Posted 07 October 2009 - 09:23 PM

Hi mattskelly,

Congratulations, your computer appears clean. We have a little housekeeping to do before we can wrap this up.

  • Click Start then Run
  • Now type Combofix /u in the Run box and click OK
  • Note the space between the X and the U, it needs to be there.

The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.
- - - - - Next - - - - -

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
- - - - - Next - - - - -

You can delete any of the tools I had you download: (they should be located on your desktop)
  • DDS
  • RootRepeal
- - - - - Next - - - - -

Here comes the "All Clean Speech":

I don't see any evidence of a Firewall on your computer.
If you do not have a Firewall installed please go to one of the links below and download and install a Firewall.
This should be taken care of first.

Firewall:
- - - - - Next - - - - -

Here are some tips to reduce the potential for spyware infection in the future:

Automatic Updates:

The easiest way to ensure you don't miss any of the critical Windows Updates is to set your computer up to receive Automatic Updates.
To set your computer up for Automatic Updates please do the following:
  • Click Start, and then click Control Panel.
  • Depending on which Control Panel view you use, Classic or Category, do one of the following:
      • Click System, and then click the Automatic Updates tab.
      • Click Performance and Maintenance, click System, and then click the Automatic Updates tab.
  • Select Automatic and choose a frequency and time that's convenient for you to get the updates.
  • Click Apply, then OK
  • Close the Control Panel.
- - - - - Next - - - - -

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK button to exit the Internet Properties page.

You are using Avast as your antivirus software. It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Firewall - I cannot stress how important it is that you keep the Firewall on your computer active at all times. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

Update all security programs regularly - Make sure you update all the programs regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

Remember to have only one (1) Firewall and one (1) Anti-Virus program running at any one time.

I would also suggest you read "So how did I get infected in the first place?" by Tony Klein

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days







