
[Resolved] 9 trojans, a worm, and corrupt antivirus! Help!


  • This topic is locked
89 replies to this topic

#31 StormyHaze

Authentic Member • 50 posts

Posted 07 November 2009 - 10:22 AM

It is asking me to update combofix again. Should I click no again?



#32 chamber

G2G Staff • Authentic Member • 140 posts

Posted 07 November 2009 - 10:23 AM

Yes, update it.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware.

#33 StormyHaze

Authentic Member • 50 posts

Posted 07 November 2009 - 01:44 PM

Okay ComboFix is done. Apparently there was a serious meltdown when it finished and rebooted the first time because there was an error that said that Windows had recovered from a serious system failure and it asked me if I wanted to send an error report. I said don't send because ComboFix was still trying to finish. Here's the log, I'll be running MalwareBytes now.


ComboFix 09-11-06.03 - Wenninger 11/07/2009 11:28.3.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.243 [GMT -5:00]
Running from: c:\documents and settings\Wenninger\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wenninger\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-05 04:50 . 2009-11-05 04:50 -------- d-----w- c:\program files\ESET
2009-11-05 03:32 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-05 03:29 . 2009-11-05 03:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-11-04 21:16 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-04 18:48 . 2009-11-04 22:11 -------- d-----w- C:\Combo-Fix
2009-11-04 17:50 . 2009-11-04 17:56 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-11-04 04:35 . 2009-11-04 04:35 -------- d-----w- c:\program files\ERUNT
2009-11-04 03:57 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 04:22 . 2009-11-02 04:22 -------- d-sh--w- c:\documents and settings\Administrator.ALEVISSA\PrivacIE
2009-11-01 23:15 . 2009-11-02 01:30 -------- d-----w- c:\windows\BDOSCAN8
2009-11-01 07:40 . 2009-11-01 07:40 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-01 06:41 . 2009-11-01 06:41 -------- d-sh--w- c:\documents and settings\Administrator.ALEVISSA\IETldCache
2009-11-01 05:49 . 2009-11-01 05:49 -------- d-----w- c:\documents and settings\Administrator.ALEVISSA\Local Settings\Application Data\Shareaza
2009-11-01 05:49 . 2009-11-01 05:49 -------- d-----w- c:\documents and settings\Administrator.ALEVISSA\Application Data\Shareaza
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-11 05:45 . 2009-10-11 05:45 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-10-11 05:45 . 2009-10-11 05:45 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-10-11 05:45 . 2009-10-11 05:45 -------- d-----w- c:\documents and settings\HelpAssistant\System
2009-10-08 22:43 . 2009-11-07 15:32 -------- d-----w- c:\documents and settings\HelpAssistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 18:42 . 2009-11-03 03:14 16384 ----a-w- c:\documents and settings\Wenninger\Application Data\Macromedia\Common\ec0fe01c19.exe
2009-11-04 03:58 . 2009-11-02 07:16 -------- d-----w- c:\documents and settings\Wenninger\Application Data\Malwarebytes
2009-11-04 03:58 . 2009-11-04 03:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 03:57 . 2009-11-02 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 02:38 . 2009-11-04 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-04 02:32 . 2009-11-04 02:32 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-03 06:23 . 2009-11-03 06:23 -------- d-----w- c:\documents and settings\Wenninger\Application Data\AVG8
2009-11-03 04:05 . 2008-06-25 18:15 -------- d-----w- c:\program files\Freecell Buddy Pogo
2009-11-03 04:02 . 2008-02-15 19:49 -------- d-----w- c:\program files\PokerStars
2009-11-03 04:00 . 2009-11-02 19:32 -------- d-----w- c:\program files\Panda Security
2009-11-03 03:14 . 2009-11-03 03:14 101888 ----a-w- c:\documents and settings\Wenninger\Application Data\Macromedia\Common\ec0fe01c1.dll
2009-11-03 02:41 . 2003-06-11 00:45 -------- d-----w- c:\program files\Common Files\aol
2009-11-02 09:59 . 2008-02-09 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-02 09:41 . 2005-11-17 22:25 139112 -c--a-w- c:\documents and settings\Administrator.ALEVISSA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-02 04:30 . 2009-11-02 04:30 -------- d-----w- c:\documents and settings\Administrator.ALEVISSA\Application Data\Malwarebytes
2009-09-11 14:18 . 2008-10-16 04:59 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:53 . 2009-11-04 03:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2002-09-03 16:44 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2002-09-03 17:05 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 20:09 . 2009-08-20 20:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 15:51 . 2003-06-13 01:33 139112 -c--a-w- c:\documents and settings\Wenninger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2004-12-26 00:47 . 2004-12-26 00:47 35121138 ----a-w- c:\program files\NIS_Retail.EXE
.

((((((((((((((((((((((((((((( SnapShot@2009-11-06_18.19.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-09-03 17:11 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\wdigest.dll
- 2002-09-03 16:58 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\secur32.dll
+ 2002-09-03 16:58 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\secur32.dll
- 2003-06-11 00:26 . 2009-11-04 21:28 70340 c:\windows\SYSTEM32\PERFC009.DAT
+ 2003-06-11 00:26 . 2009-11-06 20:57 70340 c:\windows\SYSTEM32\PERFC009.DAT
+ 2007-08-13 23:54 . 2009-08-29 08:08 55296 c:\windows\SYSTEM32\msfeedsbs.dll
- 2007-08-13 23:54 . 2009-07-03 17:09 55296 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2002-09-03 16:37 . 2009-08-29 08:08 25600 c:\windows\SYSTEM32\jsproxy.dll
- 2002-09-03 16:37 . 2009-07-03 17:09 25600 c:\windows\SYSTEM32\jsproxy.dll
+ 2009-06-21 15:42 . 2009-08-29 08:08 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll
- 2009-06-21 15:42 . 2009-07-03 17:09 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\DLLCACHE\wdigest.dll
- 2008-02-12 06:08 . 2009-07-03 17:09 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-02-12 06:08 . 2009-08-29 08:08 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\SYSTEM32\DLLCACHE\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DLLCACHE\ksecdd.sys
- 2006-05-10 05:22 . 2009-07-03 17:09 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2006-05-10 05:22 . 2009-08-29 08:08 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2002-09-30 10:11 . 2009-06-10 07:47 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2002-09-30 10:11 . 2009-11-06 19:28 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2002-09-30 10:11 . 2009-06-10 07:47 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2002-09-30 10:11 . 2009-11-06 19:28 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2002-09-30 10:11 . 2009-11-06 19:28 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2002-09-30 10:11 . 2009-06-10 07:47 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2002-09-30 10:11 . 2009-06-10 07:47 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2002-09-30 10:11 . 2009-11-06 19:28 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2006-05-26 03:41 . 2009-06-10 07:46 12800 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\pubs.exe
+ 2006-05-26 03:41 . 2009-11-06 19:25 12800 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\pubs.exe
- 2006-05-26 03:41 . 2009-06-10 07:46 16384 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2006-05-26 03:41 . 2009-11-06 19:25 16384 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-05-26 03:41 . 2009-06-10 07:46 34304 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-05-26 03:41 . 2009-11-06 19:25 34304 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-11-06 20:34 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-11-06 20:33 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-11-06 20:33 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-11-06 19:10 . 2009-11-06 19:10 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e4f5d1ed\System.Drawing.Design.dll
+ 2009-11-06 19:10 . 2009-11-06 19:10 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_0221280c\CustomMarshalers.dll
+ 2009-11-06 21:13 . 2009-11-06 21:13 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-11-06 21:19 . 2009-11-06 21:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-11-06 21:16 . 2009-11-06 21:16 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-11-06 21:16 . 2009-11-06 21:16 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-11-06 21:04 . 2009-11-06 21:04 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-11-06 21:02 . 2009-11-06 21:02 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-11-06 21:16 . 2009-11-06 21:16 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-11-06 21:16 . 2009-11-06 21:16 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-11-06 21:16 . 2009-11-06 21:16 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-11-06 21:15 . 2009-11-06 21:15 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2009-08-14 07:51 . 2009-08-14 07:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-11-06 20:51 . 2009-11-06 20:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-11-06 20:52 . 2009-11-06 20:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-08-14 07:53 . 2009-08-14 07:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-11-06 20:54 . 2009-11-06 20:54 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-11-06 20:52 . 2009-11-06 20:52 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-11-06 20:53 . 2009-11-06 20:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-11-06 20:53 . 2009-11-06 20:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-11-06 20:53 . 2009-11-06 20:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-11-06 20:53 . 2009-11-06 20:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-11-06 20:52 . 2009-11-06 20:52 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-11-06 20:52 . 2009-11-06 20:52 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-11-06 20:52 . 2009-11-06 20:52 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-11-06 20:52 . 2009-11-06 20:52 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-11-06 20:52 . 2009-11-06 20:52 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-11-06 18:37 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
+ 2009-11-06 18:37 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB968389\spmsg.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
+ 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
- 2009-08-14 07:52 . 2009-08-14 07:52 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-11-06 20:52 . 2009-11-06 20:52 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2002-09-30 10:11 . 2009-11-06 19:28 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2002-09-30 10:11 . 2009-06-10 07:47 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2002-09-30 10:11 . 2009-11-06 19:28 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2002-09-30 10:11 . 2009-06-10 07:47 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2002-09-30 10:11 . 2009-06-10 07:47 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2002-09-30 10:11 . 2009-11-06 19:28 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2006-05-26 03:41 . 2009-11-06 19:25 3584 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-05-26 03:41 . 2009-06-10 07:46 3584 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-05-26 03:41 . 2009-06-10 07:46 8192 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2006-05-26 03:41 . 2009-11-06 19:25 8192 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-05-26 03:41 . 2009-06-10 07:46 2560 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2006-05-26 03:41 . 2009-11-06 19:25 2560 c:\windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-11-06 20:52 . 2009-11-06 20:52 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-14 07:53 . 2009-08-14 07:53 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-11-06 20:54 . 2009-11-06 20:54 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-11-06 20:52 . 2009-11-06 20:52 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-11-06 20:52 . 2009-11-06 20:52 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-11-06 20:53 . 2009-11-06 20:53 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-08-14 07:52 . 2009-08-14 07:52 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-11-06 20:53 . 2009-11-06 20:53 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2003-08-16 03:51 . 2009-04-02 04:02 604160 c:\windows\SYSTEM32\wmspdmod.dll
+ 2008-10-16 04:59 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\schannel.dll
- 2003-06-11 00:26 . 2009-11-04 21:28 437614 c:\windows\SYSTEM32\PERFH009.DAT
+ 2003-06-11 00:26 . 2009-11-06 20:57 437614 c:\windows\SYSTEM32\PERFH009.DAT
- 2002-09-03 16:50 . 2009-07-03 17:09 206848 c:\windows\SYSTEM32\occache.dll
+ 2002-09-03 16:50 . 2009-08-29 08:08 206848 c:\windows\SYSTEM32\occache.dll
- 2007-08-13 23:54 . 2009-07-03 17:09 594432 c:\windows\SYSTEM32\msfeeds.dll
+ 2007-08-13 23:54 . 2009-08-29 08:08 594432 c:\windows\SYSTEM32\msfeeds.dll
+ 2002-09-03 16:39 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\kerberos.dll
+ 2002-09-03 16:35 . 2009-08-29 08:08 184320 c:\windows\SYSTEM32\iepeers.dll
- 2002-09-03 16:35 . 2009-07-03 17:09 184320 c:\windows\SYSTEM32\iepeers.dll
+ 2002-09-03 16:34 . 2009-08-29 08:08 387584 c:\windows\SYSTEM32\iedkcs32.dll
- 2002-09-03 16:34 . 2009-07-03 11:01 173056 c:\windows\SYSTEM32\ie4uinit.exe
+ 2002-09-03 16:34 . 2009-08-28 10:35 173056 c:\windows\SYSTEM32\ie4uinit.exe
+ 2003-08-16 03:51 . 2009-04-02 04:02 604160 c:\windows\SYSTEM32\DLLCACHE\wmspdmod.dll
+ 2006-05-10 05:23 . 2009-08-29 08:08 916480 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2006-08-21 14:52 . 2008-10-03 10:02 247326 c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
+ 2006-08-21 14:52 . 2009-08-26 08:00 247326 c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
- 2007-08-13 23:44 . 2009-07-03 17:09 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2007-08-13 23:44 . 2009-08-29 08:08 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\SYSTEM32\DLLCACHE\msv1_0.dll
- 2008-02-12 06:08 . 2009-07-03 17:09 594432 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-02-12 06:08 . 2009-08-29 08:08 594432 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\DLLCACHE\kerberos.dll
+ 2009-06-21 15:42 . 2009-08-29 08:08 246272 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
- 2009-06-21 15:42 . 2009-07-03 17:09 246272 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
- 2006-05-10 05:22 . 2009-07-03 17:09 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2006-05-10 05:22 . 2009-08-29 08:08 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2007-08-13 23:39 . 2009-08-29 08:08 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-08-13 23:39 . 2009-08-28 10:35 173056 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2007-08-13 23:39 . 2009-07-03 11:01 173056 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-11-06 20:31 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-11-06 20:36 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-11-06 20:36 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-11-06 20:31 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-11-06 20:33 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-11-06 20:34 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-11-06 20:33 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-11-06 20:34 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-11-06 20:34 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2007-07-11 09:07 . 2007-07-11 09:07 835584 c:\windows\assembly\temp\GLRW27DIOT\System.Drawing.dll
+ 2009-11-06 19:12 . 2009-11-06 19:12 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7486649c\System.Drawing.dll
+ 2009-11-06 19:13 . 2009-11-06 19:13 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f32b81f2\System.Drawing.Design.dll
+ 2009-11-06 19:13 . 2009-11-06 19:13 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ae208fde\CustomMarshalers.dll
+ 2009-11-06 21:16 . 2009-11-06 21:16 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-11-06 21:13 . 2009-11-06 21:13 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-11-06 21:13 . 2009-11-06 21:13 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-11-06 21:13 . 2009-11-06 21:13 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-11-06 21:19 . 2009-11-06 21:19 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-11-06 21:19 . 2009-11-06 21:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-11-06 21:16 . 2009-11-06 21:16 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-11-06 21:15 . 2009-11-06 21:15 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-11-06 21:15 . 2009-11-06 21:15 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-11-06 21:18 . 2009-11-06 21:18 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAB"="c:\documents and settings\Wenninger\Application Data\Macromedia\Common\ec0fe01c19.exe" [2009-11-07 16384]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"rundll32.exe"="" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-03-08 638816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-23 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-03 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-03 455168]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-09-03 59392]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"HostManager"="c:\program files\Common Files\AOL\1157574114\ee\AOLSoftware.exe" [2008-06-24 41824]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"combofix"="c:\combofix\CF21033.exe" [2009-11-07 389120]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2003-10-06 741376]
"Detect Kbd Daemon"="SK2000DM.EXE" - c:\windows\SYSTEM32\SK2000DM.EXE [2001-04-28 36864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=c:\docume~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll
"midi1"=c:\docume~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll
"mixer1"=c:\docume~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll
"wave2"=c:\docume~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll
"aux1"=c:\docume~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll
"midi2"=c:\docume~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll
"aux2"=c:\docume~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll
"mixer2"=c:\docume~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
backup=c:\windows\pss\Free WebSite Tools.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register Kazaa Upgrade Suite3.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online.lnk]
backup=c:\windows\pss\Verizon Online.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TBPSSvc"=2 (0x2)
"WinToolsSvc"=2 (0x2)
"MyWebSearchService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1157574114\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\aol\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\aol\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\1157574114\\EE\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

S3 SKUSBKBF;USB Keyboard Filter Driver;c:\windows\SYSTEM32\DRIVERS\skusbkbf.sys [7/27/2001 8:25 AM 14048]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/19/2009 4:51 PM 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{C62C59F5-FD1B-4823-805FE6BFD520860D}
.
Contents of the 'Scheduled Tasks' folder

2009-11-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2009-11-07 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://search.msn.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
IE:
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: windowsupdate.com
DPF: Aces Up! by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/aces/aces-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-8.0.9.41/backgammon/backgammon-en_US.cab
DPF: Bingo Luau by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/freebingo/freebingo-en_US.cab
DPF: Blackjack by pogo - hxxp://game3.pogo.com/v/8.1.7.44/applet/blackjack/blackjack-en_US.cab
DPF: Blackjack Carnival by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/vbjack2/vbjack2-en_US.cab
DPF: Blooop by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/cascade/cascade-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/canasta/canasta-en_US.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/applet-8.0.9.41/checkers2/checkers-en_US.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/chess2/chess2-en_US.cab
DPF: Dice City Roller by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/ytz/ytz-en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/domino/domino-en_US.cab
DPF: Double Deuce Poker by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/videopoker2/doubledeuce-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-8.0.9.41/superbingo/superbingo-en_US.cab
DPF: Hangman Hijinks by pogo - hxxp://game3.pogo.com/v/8.1.8.10/applet/hangman/hangman-en_US.cab
DPF: Hearts by pogo - hxxp://game3.pogo.com/v/8.1.7.44/applet/hearts/hearts-en_US.cab
DPF: High Stakes Poker by pogo - hxxp://game1.pogo.com/applet-8.0.9.41/drawpoker/drawpoker-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/pool2/pool-en_US.cab
DPF: Hog Heaven Slots by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/fancy/fancy-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/gin2/gin2-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/lottso/lottso-en_US.cab
DPF: Makeover Madness by pogo - hxxp://game3.pogo.com/v/8.1.7.44/applet/shoes/shoes-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: NASCAR Web Racing by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/nascar/nascar-en_US.cab
DPF: No-Limit Texas Hold'em by pogo - hxxp://game1.pogo.com/v/8.1.1.21/applet/allin/allin-en_US.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/paigow/paigow-en_US.cab
DPF: Payday Freecell Solitaire by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/freecell2/freecell2-en_US.cab
DPF: Perfect Pair Solitaire by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/waterwheel/waterwheel-en_US.cab
DPF: Phlinx by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/flinger/flinger-en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/poppit2/poppit2-en_US.cab
DPF: Quick Quack by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/squares/squares-en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
DPF: Showbiz Slots by pogo - hxxp://game1.pogo.com/v/8.1.0.24/applet/slots/showbiz-en_US.cab
DPF: Spooky Slots - hxxp://game1.pogo.com/v/8.1.1.35/applet/spooky/spooky-en_US.cab
DPF: Squelchies by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/squelchies/squelchies-en_US.cab
DPF: Stax by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/stax/stax-en_US.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/sweettooth/sweettooth-en_US.cab
DPF: Thousand Island Solitaire by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/millbrae/millbrae-en_US.cab
DPF: Turbo 21 v2 by pogo - hxxp://game1.pogo.com/v/8.1.9.7/applet/turbo22/turbo22-en_US.cab
DPF: Wonderland Memories by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/memories/memories-en_US.cab
DPF: Word Search Daily by pogo - hxxp://game3.pogo.com/v/8.1.9.4/applet/wordsearch/wordsearch-en_US.cab
DPF: Word Whomp by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/wordwhomp2/whomp2-en_US.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 13:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2624249815-826661598-447150811-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2624249815-826661598-447150811-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-2624249815-826661598-447150811-1006)
@Allowed: (Read) (S-1-5-21-2624249815-826661598-447150811-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\System32\ctmp3.acm
c:\windows\system32\vct3216.acm
c:\windows\system32\vct3216.dll
c:\windows\system32\msms001.vwp
c:\windows\system32\mvoice.vwp

- - - - - - - > 'explorer.exe'(2056)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\System32\ctmp3.acm
c:\windows\system32\vct3216.acm
c:\windows\system32\vct3216.dll
c:\windows\system32\msms001.vwp
c:\windows\system32\mvoice.vwp
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe
c:\windows\system32\Sktempdm.exe
.
**************************************************************************
.
Completion time: 2009-11-07 14:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 19:01
ComboFix2.txt 2009-11-06 20:42

Pre-Run: 14,052,429,824 bytes free
Post-Run: 13,354,250,240 bytes free

- - End Of File - - 9EB889F651C4FD6503F2028ACD41C35C

#34 StormyHaze

Posted 07 November 2009 - 02:34 PM

Okay, I can't run MalwareBytes. It stalls as soon as I try to update it. It was doing this before. I tried uninstalling it and I even ran the mbam clean tool but that won't run either. I get an error that says SHGetValue failed with error code 0. Every time I restart the computer it seems like whatever virus or problem that seems to be fixed after combofix starts back up again. This last time I restarted while I was reinstalling mbam it installed my printer....twice. I don't know if that means anything, just thought I'd mention it. So what should I do now? And could you let me know if I should be doing this stuff in safe mode or not?

#35 StormyHaze

Posted 08 November 2009 - 02:01 AM

I ran mbam even though I couldn't update it. When I tried to remove all the infected files it locked up and there was no change for hours. I ended up having to end the program. This is the log I got:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3 (Safe Mode)

11/7/2009 11:01:00 PM
mbam-log-2009-11-07 (23-00-48).txt

Scan type: Quick Scan
Objects scanned: 126797
Time elapsed: 12 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 8
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\WENNIN~1\APPLIC~1\MACROM~1\Common\ec0fe01c1.dll) Good: (wdmaud.drv) -> No action taken.

Folders Infected:
C:\Documents and Settings\HelpAssistant\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> No action taken.

Files Infected:
C:\Documents and Settings\HelpAssistant\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> No action taken.
C:\Documents and Settings\HelpAssistant\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> No action taken.
C:\Documents and Settings\HelpAssistant\Application Data\Macromedia\Common\ec0fe01c1.dll (Hijack.Sound) -> No action taken.
C:\Documents and Settings\Wenninger\Application Data\Macromedia\Common\ec0fe01c1.dll (Hijack.Sound) -> No action taken.

I tried to run OTL. I got an error that read: The application or DLL C:\DOCUME~1\WENNIN~1\LOCALS~1\TEMP\ec0fe01c2.tmp is not a valid windows image. Please check this against your installation diskette. I continued to sit here for hours and click okay for the 156 (yes I counted) times it came up before my comp shut down suddenly. So I have no log for that one.

#36 chamber

Posted 09 November 2009 - 02:22 AM

Did you remove what Malwarebytes found? Post a fresh DDS log for me.

#37 StormyHaze

Posted 09 November 2009 - 10:22 AM

No, I don't think MalwareBytes was able to remove them and I didn't go remove anything myself so I believe all those files are still there.

Here's a fresh DDS:


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Wenninger at 10:48:07.06 on Mon 11/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.263 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Wenninger\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://search.msn.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: H - No File
uRun: [rundll32.exe]
uRun: [WAB] c:\documents and settings\wenninger\application data\macromedia\common\ec0fe01c19.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [<NO NAME>] "c:\program files\internet explorer\iexplore.exe" http://www.symantec....000028.000000D8
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~3.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; IEMB3; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; NET_mmhpset)" -"http://www.cartoonne...ase/index.html"
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRunOnce: [RunNarrator] Narrator.exe
mPolicies-explorer: <NO NAME> =
IE:
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: windowsupdate.com
DPF: Aces Up! by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/aces/aces-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-8.0.9.41/backgammon/backgammon-en_US.cab
DPF: Bingo Luau by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/freebingo/freebingo-en_US.cab
DPF: Blackjack by pogo - hxxp://game3.pogo.com/v/8.1.7.44/applet/blackjack/blackjack-en_US.cab
DPF: Blackjack Carnival by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/vbjack2/vbjack2-en_US.cab
DPF: Blooop by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/cascade/cascade-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/canasta/canasta-en_US.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/applet-8.0.9.41/checkers2/checkers-en_US.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/chess2/chess2-en_US.cab
DPF: Dice City Roller by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/ytz/ytz-en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/domino/domino-en_US.cab
DPF: Double Deuce Poker by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/videopoker2/doubledeuce-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-8.0.9.41/superbingo/superbingo-en_US.cab
DPF: Hangman Hijinks by pogo - hxxp://game3.pogo.com/v/8.1.8.10/applet/hangman/hangman-en_US.cab
DPF: Hearts by pogo - hxxp://game3.pogo.com/v/8.1.7.44/applet/hearts/hearts-en_US.cab
DPF: High Stakes Poker by pogo - hxxp://game1.pogo.com/applet-8.0.9.41/drawpoker/drawpoker-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/pool2/pool-en_US.cab
DPF: Hog Heaven Slots by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/fancy/fancy-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/gin2/gin2-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/lottso/lottso-en_US.cab
DPF: Makeover Madness by pogo - hxxp://game3.pogo.com/v/8.1.7.44/applet/shoes/shoes-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: NASCAR Web Racing by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/nascar/nascar-en_US.cab
DPF: No-Limit Texas Hold'em by pogo - hxxp://game1.pogo.com/v/8.1.1.21/applet/allin/allin-en_US.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/paigow/paigow-en_US.cab
DPF: Payday Freecell Solitaire by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/freecell2/freecell2-en_US.cab
DPF: Perfect Pair Solitaire by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/waterwheel/waterwheel-en_US.cab
DPF: Phlinx by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/flinger/flinger-en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/poppit2/poppit2-en_US.cab
DPF: Quick Quack by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/squares/squares-en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
DPF: Showbiz Slots by pogo - hxxp://game1.pogo.com/v/8.1.0.24/applet/slots/showbiz-en_US.cab
DPF: Spooky Slots - hxxp://game1.pogo.com/v/8.1.1.35/applet/spooky/spooky-en_US.cab
DPF: Squelchies by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/squelchies/squelchies-en_US.cab
DPF: Stax by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/stax/stax-en_US.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/sweettooth/sweettooth-en_US.cab
DPF: Thousand Island Solitaire by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/millbrae/millbrae-en_US.cab
DPF: Turbo 21 v2 by pogo - hxxp://game1.pogo.com/v/8.1.9.7/applet/turbo22/turbo22-en_US.cab
DPF: Wonderland Memories by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/memories/memories-en_US.cab
DPF: Word Search Daily by pogo - hxxp://game3.pogo.com/v/8.1.9.4/applet/wordsearch/wordsearch-en_US.cab
DPF: Word Whomp by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/wordwhomp2/whomp2-en_US.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104984549012
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157565582500
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} - hxxp://www.kiddonet.com/kiddonet/GtekPrt.ocx
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

S2 McShield;McAfee Real-time Scanner; [x]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2009-1-3 68954]
S3 SKUSBKBF;USB Keyboard Filter Driver;c:\windows\system32\drivers\skusbkbf.sys [2001-7-27 14048]
S4 McSysmon;McAfee SystemGuards; [x]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-19 24652]

=============== Created Last 30 ================

2009-11-07 21:58 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 21:58 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-11-07 21:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 23:50 <DIR> --d----- c:\program files\ESET
2009-11-04 22:32 195,456 -------- c:\windows\system32\MpSigStub.exe
2009-11-04 22:29 <DIR> --d----- c:\program files\Microsoft Security Essentials
2009-11-04 16:16 50,176 a------- c:\windows\system32\proquota.exe
2009-11-04 14:14 <DIR> a-dshr-- C:\cmdcons
2009-11-04 13:49 267,264 a------- c:\windows\PEV.exe
2009-11-04 13:49 161,792 a------- c:\windows\SWREG.exe
2009-11-04 13:49 98,816 a------- c:\windows\sed.exe
2009-11-04 13:49 77,312 a------- c:\windows\MBR.exe
2009-11-04 13:48 <DIR> --d----- C:\Combo-Fix
2009-11-04 12:50 <DIR> --d----- C:\32788R22FWJFW.1.tmp
2009-11-03 21:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-11-03 01:23 <DIR> --d----- c:\docume~1\wennin~1\applic~1\AVG8
2009-11-02 14:32 <DIR> --d----- c:\program files\Panda Security
2009-11-02 02:16 <DIR> --d----- c:\docume~1\wennin~1\applic~1\Malwarebytes
2009-11-01 23:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-01 02:40 552 a------- c:\windows\system32\d3d8caps.dat
2009-10-31 22:56 12,211 a------- c:\windows\abipy.lib
2009-10-31 22:56 19,953 a------- c:\windows\system32\wifaru.db

==================== Find3M ====================

2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 03:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-20 15:09 1,193,832 a------- c:\windows\system32\FM20.DLL
2008-12-16 16:22 139,112 ac------ c:\docume~1\wennin~1\applic~1\GDIPFONTCACHEV1.DAT
2004-12-25 19:47 35,121,138 a------- c:\program files\NIS_Retail.EXE
2008-10-17 01:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101720081018\index.dat

============= FINISH: 10:49:50.21 ===============

#38 chamber

Posted 09 November 2009 - 10:27 AM

Ok,

Boot into normal mode.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Then try to re-run OTL.

#39 StormyHaze

Posted 09 November 2009 - 09:06 PM

Okay, I ran TFC and it ran perfectly. It deleted over 1200 MB of files!! Insane! The computer rebooted and I ran OTL. It seemed to be going great then that same error came up. It only came up once though and when I clicked OK another error appeared that said Out Of Memory. I clicked OK and the program does nothing more. I tried running TFC again and rebooted then tried OTL again. The same thing happened. I tried deleting my current OTL and downloading a new one, that didn't work either. What's next? lol

#40 chamber

Posted 10 November 2009 - 01:53 AM

Ok,

We'll see how another tool gets along then.

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

#41 StormyHaze


Posted 10 November 2009 - 01:59 PM

Okay... I downloaded avz4. Every time I tried to update it the program would lock up. I tried the other source and the same thing happened. It doesn't give me an error or anything, just stops responding. So I tried running it without updating. I started it and everything seemed to be running okay so I walked away. When I came back it was gone. I checked to see if there was a log somewhere. There is a log folder in the AVZ4 folder but no log. There is also a quarantine folder that wasn't there before. Inside of it is another folder with today's date and inside that was this called avz00001.ini. When I opened it this is what it said:

    [InfectedFile]
    Src=C:\Program Files\Common Files\aolshare\Coach\Player\AOLNySEV.exe
    Infected=avz00001.dta
    Virus=Suspicion for Hoax.Win32.Bravia.jf ( 09CE7218 029ED0F4 00251B7F 001EBC3C 41472)
    QDate=11/10/2009 2:13:48 PM
    Size=41472
    MD5=41D564A7EF21D51357D5A3A24F26DD25
    FileDate=5/4/2003 12:37:32 PM
    AVZVer=4.32
    Attr=
    MainAVBase=8/21/2009 2:23:22 PM

That's all there was. Should I try running it again? Is it possible that whatever my computer is infected with is not allowing any of these programs to run?

#42 chamber


Posted 10 November 2009 - 02:48 PM

Potentially,

Try to run it again and let's see what happens.

If not,

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
disallow

[Exclude]


[Options]
Filter=KVDLUI



2. Download Registry Search to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.


#43 StormyHaze


Posted 10 November 2009 - 03:08 PM

Finally! I think something worked correctly! Here you go:

#44 chamber


Posted 11 November 2009 - 01:57 AM

Ok,

Nothing there out of the ordinary.


Hi there, and sorry for the delay. I will need a fresh look at your system. What are your current symptoms?

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Approved Shell Extensions
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Drivers32
    • Reg - File Associations
    • Reg - NetSvcs
    • Reg - SafeBoot Minimal
    • Reg - SafeBoot Network
    • Reg - Shell Spawning
    • Reg - Uninstall List
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scans box at the bottom left paste the following in

    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#45 StormyHaze


Posted 11 November 2009 - 11:00 AM

Okay, I tried running OTS. I got the same error that I get when I try to run OTL (The application or DLL C:\DOCUME~1\WENNIN~1\LOCALS~1\TEMP\ec0fe01c2.tmp is not a valid windows image. Please check this against your installation diskette.). Then when I clicked OK the program just shut down. No log or anything. Do you think we could just manually remove this file since it is causing so many problems? Thanks again for all your help! It really is appreciated! :-)
