
Torpig trojan [Solved]


  • This topic is locked

#1
arclight

Today I received a letter from my ISP, Virgin Media, informing me I have a Trojan named Torpig (also known as Mebroot, Sinowal, Anserin) on my PC.

I am not sure why they e-mailed me, as they never have before for a virus; however, they advise me to check my computer, so I am running OTL, MBAM and RootRepeal, and here are the logs.


Malwarebytes' Anti-Malware 1.42
Database version: 3292
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

04/12/2009 14:20:31
mbam-log-2009-12-04 (14-20-31).txt

Scan type: Quick Scan
Objects scanned: 136257
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/04 14:46
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA630000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8C34000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9B78000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sbapifs.sys
Image Path: C:\WINDOWS\system32\drivers\sbapifs.sys
Address: 0xF8A0E000 Size: 27392 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "sbhr.sys" at address 0xf8b0a514

#: 041 Function Name: NtCreateKey
Status: Hooked by "sbhr.sys" at address 0xf8b0a552

#: 119 Function Name: NtOpenKey
Status: Hooked by "sbhr.sys" at address 0xf8b0a4d0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sbhr.sys" at address 0xf8b0a5a2

==EOF==



OTL logfile created on: 04/12/2009 14:54:52 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 160.07 Mb Available Physical Memory | 31.30% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.56% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 15.10 Gb Free Space | 39.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.53 Gb Total Space | 5.44 Gb Free Space | 7.30% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-2A1DED054E
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/04 14:53:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009/11/12 17:06:04 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/19 15:50:14 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009/08/14 15:33:14 | 00,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/08/14 15:33:14 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/14 15:33:14 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/30 14:45:38 | 00,470,528 | ---- | M] ( ) -- F:\RootRepeal.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/03/27 03:15:26 | 00,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark Z2300 Series\ezprint.exe
PRC - [2008/03/27 03:15:24 | 00,656,040 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
PRC - [2008/03/12 21:05:18 | 00,532,480 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/02/27 11:06:28 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe
PRC - [2007/06/15 14:17:44 | 00,789,232 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
PRC - [2007/06/13 10:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/28 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2005/10/14 10:51:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [1998/07/07 16:04:24 | 00,037,376 | ---- | M] () -- C:\Program Files\TextBridge Classic 2.0\Bin\InstantAccess.exe


========== Modules (SafeList) ==========

MOD - [2009/12/04 14:53:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2006/08/25 15:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [1998/07/07 15:47:16 | 00,119,808 | ---- | M] () -- C:\Program Files\TextBridge Classic 2.0\Bin\Tbmhook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 17:06:04 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/14 15:33:14 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/11/30 23:57:16 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/04/06 14:25:37 | 00,423,576 | ---- | M] () -- C:\WINDOWS\DOWNLO~1\DMService.exe -- (DMService)
SRV - [2008/03/12 21:05:18 | 00,532,480 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/03/12 16:14:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/02/27 11:06:28 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2007/12/01 07:16:47 | 00,098,984 | ---- | M] () -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2007/09/07 04:51:23 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/09/04 20:53:02 | 00,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2007/06/15 14:17:44 | 00,789,232 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe -- (SBCSSvc)
SRV - [2005/10/14 10:51:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005/10/14 10:51:12 | 00,239,320 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 10:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/09/23 07:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2003/11/09 10:34:12 | 00,045,056 | ---- | M] (International Software Systems Solutions) -- C:\Program Files\STOPzilla!\szntsvc.exe -- (STOPzilla Local Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/26 12:33:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/30 17:45:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/30 17:45:16 | 00,000,000 | ---D | M]

[2009/09/30 17:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2009/09/30 17:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions
[2009/09/30 17:35:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (610636 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [InstantAccess] C:\Program Files\TextBridge Classic 2.0\Bin\InstantAccess.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RegisterDropHandler] C:\Program Files\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [LeechGet] File not found
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: New Value #1 = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2009\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2009\Wizard.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2009\Parser.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.co...ntingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.belfa.../WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/04 21:00:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/23 21:47:18 | 00,000,019 | ---- | M] () - F:\AutoCrop.log -- [ NTFS ]
O32 - AutoRun File - [2009/02/23 05:19:55 | 12,341,641 | ---- | M] () - F:\AutoGordianKnot.2.55.Setup.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/04 21:00:17 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765169410473984)

========== Files/Folders - Created Within 14 Days ==========

[2008/11/05 19:22:44 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2007/11/20 06:13:21 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2007/11/20 06:09:43 | 01,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2007/11/20 06:06:32 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2007/11/20 06:06:32 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2007/11/20 06:06:17 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2007/11/20 06:05:08 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2007/11/20 06:04:49 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2007/11/20 06:04:28 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2007/11/20 06:03:22 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2007/11/20 06:01:20 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll

========== Files - Modified Within 14 Days ==========

[2009/12/04 14:23:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/04 14:23:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/04 14:23:39 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/04 14:22:47 | 09,699,328 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2009/12/04 14:22:36 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2009/12/04 02:34:18 | 00,185,344 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/30 20:12:05 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/23 21:56:50 | 00,006,608 | ---- | M] () -- C:\Documents and Settings\user\My Documents\prac5game1.htm

========== Files Created - No Company Name ==========

[2009/12/04 14:53:05 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/11/23 21:56:50 | 00,006,608 | ---- | C] () -- C:\Documents and Settings\user\My Documents\prac5game1.htm
[2009/02/23 05:22:19 | 00,000,543 | ---- | C] () -- C:\Documents and Settings\user\Application Data\AutoGK.ini
[2008/12/31 22:58:09 | 00,001,728 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/08 02:45:38 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll
[2008/12/08 02:40:18 | 00,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2008/12/08 02:35:46 | 00,000,100 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2008/12/08 02:35:31 | 00,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2008/12/08 02:35:31 | 00,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2008/12/08 02:35:31 | 00,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2008/12/08 02:35:31 | 00,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2008/11/15 00:18:40 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/11/15 00:18:40 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/11/15 00:18:40 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/11/15 00:18:39 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/11/05 20:59:22 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2008/11/05 19:22:44 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2008/11/05 19:11:43 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2008/07/05 23:43:46 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/07/05 23:43:45 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/11/28 17:51:49 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2007/11/16 16:12:24 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2007/11/07 23:46:37 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/11/07 23:46:37 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/10/31 08:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/15 20:32:41 | 00,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/03 00:31:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/09/24 21:48:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/09/14 18:27:40 | 00,015,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbhr.sys
[2007/09/13 21:31:15 | 01,422,530 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/09/13 18:53:09 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/09/11 21:02:41 | 00,185,344 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 17:23:56 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/04 21:51:11 | 00,000,541 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/03/27 09:45:22 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/10/30 10:30:30 | 00,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
[2006/03/18 13:16:04 | 00,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005/11/02 10:39:16 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2005/11/02 10:39:16 | 00,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2005/01/19 04:18:52 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2004/10/05 22:37:20 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2004/05/20 15:50:14 | 01,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2004/02/01 19:21:56 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/11/08 21:31:34 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\SZFrame.dll
[2003/08/07 19:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/11/24 12:40:36 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\ac3encode.dll
[2002/10/15 22:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2008/06/30 13:02:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2008/01/28 17:42:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/10/25 19:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2009/03/18 21:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/08/10 18:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2007/09/12 21:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/05/17 20:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/18 17:07:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}
[2009/01/15 03:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\avidemux
[2008/11/15 00:16:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AviDvdBurner
[2009/10/11 21:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Azureus
[2008/03/27 17:47:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BIFHE
[2007/10/31 20:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer
[2007/10/31 20:02:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer Pro
[2007/09/13 01:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2009/01/15 04:04:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2009/10/25 19:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\JCreator
[2009/09/30 21:37:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2008/06/18 17:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Seven Zip
[2007/09/12 21:21:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\STOPzilla!
[2007/10/03 00:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Template
[2007/09/13 01:03:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\websymbols\atapi.sys\41107B4D17480\atapi.sys
[2006/02/28 12:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2006/02/28 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006/02/28 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2006/02/28 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2006/02/28 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006/02/28 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\cache\scecli.dll
[2006/02/28 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006/02/28 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
< End of report >


OTL Extras logfile created on: 04/12/2009 14:54:52 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 160.07 Mb Available Physical Memory | 31.30% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.56% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 15.10 Gb Free Space | 39.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.53 Gb Total Space | 5.44 Gb Free Space | 7.30% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-2A1DED054E
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"80:TCP" = 80:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"8085:TCP" = 8085:TCP:*:Enabled:drv
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"80:TCP" = 80:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\sopvod.exe" = C:\Program Files\SopCast\sopvod.exe:*:Disabled:sopvod -- ()
"C:\Program Files\Azureusvuze\Azureus.exe" = C:\Program Files\Azureusvuze\Azureus.exe:*:Disabled:Azureus -- (Azureus Inc)
"C:\Program Files\Azureus2\Azureus.exe" = C:\Program Files\Azureus2\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe" = C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\lxdpcoms.exe" = C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013BE9DC-2E1A-7E95-15D9-C81E91A19510}" = Catalyst Control Center Graphics Full Existing
"{033E06D3-487A-8ED4-1672-B060C0A97D24}" = Skins
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06542CA3-F90C-BE75-656E-83A0B076213A}" = Catalyst Control Center Localization Czech
"{074C0987-378C-5E80-15F6-437B8717A16D}" = ccc-core-preinstall
"{08ABF6AA-C9E7-4A75-9A11-A2D34D79B7B7}" = Microsoft PrintForm Component 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1583C7B3-5D84-4E62-9C55-BCB795EE7B19}" = Catalyst Control Center Core Implementation
"{18070238-0B24-6C19-52B8-368D26E8F1BC}" = Catalyst Control Center Localization Italian
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D341BEB-869D-E150-1A18-10B02B7E10BF}" = Catalyst Control Center Localization Finnish
"{1D544865-1A49-C99A-7189-ADD5464D8381}" = Catalyst Control Center Localization Thai
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2EE09C14-D1C8-D38C-B8BD-4A5DDA31A33C}" = CCC Help Danish
"{2F6D51D7-F65C-840D-69B3-F9CDC4D1C2CC}" = CCC Help Turkish
"{3037A890-E9CE-4E89-A7FA-0540A3A6A887}" = STOPzilla!
"{3187E3CF-A2C8-F15F-ADEE-3A966CCAB69E}" = CCC Help Thai
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java™ SE Development Kit 6 Update 16
"{347362FC-2826-4EDB-B1E3-FC55900CA632}_is1" = HJ-Split 2.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3B45D262-3BEE-477F-8652-EC24950D3F65}" = Adobe Director 11
"{3D84CD86-8A47-D0BF-CD0D-AC1749D1B895}" = CCC Help Norwegian
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44BABF05-8ED2-CEE4-D59F-17E605C4B6FE}" = CCC Help Chinese Traditional
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{469231D8-0FBD-82A8-4DC6-DDC664A77629}" = Catalyst Control Center Localization Portuguese
"{49899342-3922-06B5-E38E-17DE462A18C3}" = CCC Help Russian
"{49F10BCB-9587-6C5B-51F8-BE18A732183F}" = Catalyst Control Center Localization Dutch
"{4A545288-D1F5-0C0F-BC97-8179E6FF1794}" = CCC Help Japanese
"{4B296228-DF7C-43EA-8DED-76027355B219}" = Opera 10.01
"{510D967A-B190-C5B9-D2F8-D2009EB2EF93}" = Catalyst Control Center Localization Russian
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59B84475-BEA1-CCBB-36C0-A7CD804F821F}" = Catalyst Control Center Localization Spanish
"{5AFAF0D6-E4FB-CB2C-CAA1-AF78055CD951}" = CCC Help Italian
"{60469B62-EB5C-D37E-D473-4F763F541783}" = Catalyst Control Center Localization Norwegian
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6CDE6C4F-6FD7-4F24-A116-F0D173432FFC}" = Adobe Setup
"{70553946-F6FD-41F4-A3BB-EB3F6CACCB07}" = Sunbelt CounterSpy
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71A78AEF-7D16-0917-778E-1E04D486FB9E}" = Catalyst Control Center Graphics Light
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770A65D6-F37E-7447-517A-E62282C7EA18}" = CCC Help French
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7B2387B2-63DC-5F0D-3E44-130AB689F1A2}" = Catalyst Control Center Graphics Previews Common
"{7D3CA676-421C-5854-1D80-535FD684E5BC}" = Catalyst Control Center Localization Hungarian
"{8041F412-ABCE-51DA-B8D4-E1BC75FDBF0D}" = Catalyst Control Center Localization Chinese Standard
"{8314CCDE-D301-CABC-EDE7-D391D3E1C7DC}" = CCC Help Spanish
"{8428DF28-CCAF-501E-25CD-1391CD2D5CC9}" = CCC Help Portuguese
"{86B03DBF-D97A-02D7-C6E0-64B1CF7998D8}" = Catalyst Control Center Localization German
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF06947-F556-D573-95D1-AB7A7440AAA1}" = CCC Help Greek
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8DC25D22-3957-4F3F-14F1-4413DB0ED51F}" = Catalyst Control Center Localization Polish
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{913CA370-6B97-3C12-F54D-1BBA8F41303A}" = CCC Help Czech
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{94175F2B-39EB-B64B-50B0-501EDD13D820}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{966077F9-4923-B3B1-73A6-593E4627B5F7}" = Catalyst Control Center Localization French
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials
"{9DA4749E-BF71-8DAE-948A-3A44408550D6}" = Catalyst Control Center Graphics Full New
"{A1ECCE64-98DB-4F40-95BB-1BD8F1C939B2}" = Dealio Toolbar
"{A5227CA4-8613-CB80-EFC0-D90A424B5430}" = Catalyst Control Center Localization Turkish
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B197FA45-6A2A-8CA4-888B-38BF0DD5DC90}" = CCC Help Chinese Standard
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F40112-0067-880A-C696-5E2ECC547F2B}" = Catalyst Control Center Localization Danish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA185841-9581-E711-8DB3-24FA5ADED6AD}" = CCC Help English
"{BB00789E-CDE5-0824-F8CB-ABF5EAA0BB1A}" = Catalyst Control Center Localization Chinese Traditional
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C6BA2362-C93F-73F5-29E9-CF4100C5CA02}" = Catalyst Control Center Localization Swedish
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{C930BF21-C79B-C4DC-7092-2E7898FE5554}" = CCC Help Swedish
"{C9BC573D-3BB5-C839-409D-C964E874188D}" = CCC Help Polish
"{D657FAA8-9042-9CE7-14D9-048A5C88818D}" = Catalyst Control Center Localization Greek
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1DED507-D03F-C0E4-ECE6-542541897A0C}" = CCC Help Finnish
"{E3B35466-F7B6-3BE0-EE8D-3DEE37492649}" = CCC Help German
"{E7F430A8-AADA-6F9C-CE37-E1174BAD27B0}" = ccc-utility
"{EC15C65D-4DE1-3AC7-93B5-D7B2FC02EC09}" = ccc-core-static
"{ECD2A0EE-7BAB-463A-F910-4FD7CE58FC00}" = Catalyst Control Center Localization Japanese
"{F3ECED46-91CC-4F44-9917-9A20085D5D26}" = Debugging Tools for Windows
"{F6C11B5C-0E30-E6F8-46B9-21EF9CE7995D}" = CCC Help Korean
"{F79E3C41-5367-5ADA-5C18-4C9E91FD9852}" = Catalyst Control Center Localization Korean
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FEF74B44-EF2B-762C-3D69-4CA101E792B4}" = CCC Help Dutch
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2755fefb5e3352ee2921713793bdbf8" = Adobe Director 11
"Alarm Master_is1" = Alarm Master v 4.23
"All ATI Software" = ATI - Software Uninstall Utility
"AllToAVI" = AllToAVI v4 r5394
"Alt.Binz" = Alt.Binz 0.25.0
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.55
"Avidemux 2.4" = Avidemux 2.4
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"Azureus Vuze" = Azureus Vuze
"Blaze Media Pro" = Blaze Media Pro
"DRM7Tool" = Personal License Update Wizard for Windows Media Player
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DvdCover+_is1" = DvdCover+ 2.1
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"FileHippo.com" = FileHippo.com Update Checker
"Free Registry Fix" = Free Registry Fix 3.10
"HijackThis" = HijackThis 1.99.1
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"JCreator LE_is1" = JCreator LE 4.50
"LeechGet 2009_is1" = LeechGet 2009 Version 2.1
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MeGUI modern media encoder" = MeGUI modern media encoder (remove only)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"MKVtoolnix" = MKVtoolnix 2.5.1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MUSTEK 1200 UB v2.1" = MUSTEK 1200 UB v2.1
"RealAlt_is1" = Real Alternative 1.8.2
"SereneScreen Marine Aquarium Time_is1" = SereneScreen Marine Aquarium Time
"SMPlayer_is1" = SMPlayer 0.5.60
"SopCast" = SopCast 2.0.4
"STOPzilla" = STOPzilla!
"Test My Hardware_is1" = Test My Hardware 2.3
"TextBridge Classic 2.0" = TextBridge Classic 2.0
"TVUPlayer" = TVUPlayer 2.4.1.0
"VLC media player" = VideoLAN VLC media player 0.8.2
"VobSub" = VobSub v2.23 (Remove Only)
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.7.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinPatrol" = WinPatrol 2007
"WinRAR archiver" = WinRAR archiver
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 04/12/2009 10:21:34 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 04/12/2009 10:21:34 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/12/2009 10:21:34 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7034
Description = The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has
done this 1 time(s).

Error - 04/12/2009 10:21:34 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7034
Description = The Sunbelt CounterSpy Antispyware service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/12/2009 10:22:20 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdp_device service to
connect.

Error - 04/12/2009 10:22:20 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7000
Description = The lxdp_device service failed to start due to the following error:
%%1053

Error - 04/12/2009 10:24:50 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdpCATSCustConnectService
service to connect.

Error - 04/12/2009 10:24:50 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7000
Description = The lxdpCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 04/12/2009 10:24:50 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 04/12/2009 10:24:50 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >


Thank you in advance for any assistance. If you would like to know more info about the letter Virgin sent, I can provide it as well.


#2
Thunderbird1988

Hello arclight,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#3
arclight

Hi, I had another look at the e-mail and it mentioned my boot sector might be infected. I ran my anti-virus, Avira, and it seems to have detected a program in that area.



Avira AntiVir Personal
Report file date: 04 December 2009 20:25

Scanning for 1417505 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : USER-2A1DED054E

Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 11:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 10:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 11:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 10:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 07:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 20:23:52
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 20:23:52
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 20:23:52
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 20:23:52
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 20:23:52
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 20:23:52
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 20:23:52
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 20:23:52
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 20:23:52
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 20:23:53
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 20:23:53
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 20:23:53
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 20:23:54
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 20:23:54
VBASE015.VDF : 7.10.1.129 2048 Bytes 11/30/2009 20:23:54
VBASE016.VDF : 7.10.1.130 2048 Bytes 11/30/2009 20:23:54
VBASE017.VDF : 7.10.1.131 2048 Bytes 11/30/2009 20:23:54
VBASE018.VDF : 7.10.1.132 2048 Bytes 11/30/2009 20:23:54
VBASE019.VDF : 7.10.1.133 2048 Bytes 11/30/2009 20:23:54
VBASE020.VDF : 7.10.1.134 2048 Bytes 11/30/2009 20:23:54
VBASE021.VDF : 7.10.1.135 2048 Bytes 11/30/2009 20:23:54
VBASE022.VDF : 7.10.1.136 2048 Bytes 11/30/2009 20:23:54
VBASE023.VDF : 7.10.1.137 2048 Bytes 11/30/2009 20:23:54
VBASE024.VDF : 7.10.1.138 2048 Bytes 11/30/2009 20:23:54
VBASE025.VDF : 7.10.1.139 2048 Bytes 11/30/2009 20:23:54
VBASE026.VDF : 7.10.1.140 2048 Bytes 11/30/2009 20:23:54
VBASE027.VDF : 7.10.1.141 2048 Bytes 11/30/2009 20:23:55
VBASE028.VDF : 7.10.1.142 2048 Bytes 11/30/2009 20:23:55
VBASE029.VDF : 7.10.1.143 2048 Bytes 11/30/2009 20:23:55
VBASE030.VDF : 7.10.1.144 2048 Bytes 11/30/2009 20:23:55
VBASE031.VDF : 7.10.1.169 148992 Bytes 12/4/2009 20:23:55
Engineversion : 8.2.1.92
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 07:38:52
AESCRIPT.DLL : 8.1.2.45 586108 Bytes 12/4/2009 20:23:57
AESCN.DLL : 8.1.2.5 127346 Bytes 11/8/2009 07:38:46
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 07:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 12/4/2009 20:23:57
AEPACK.DLL : 8.2.0.3 422261 Bytes 11/8/2009 07:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 07:38:38
AEHEUR.DLL : 8.1.0.184 2146681 Bytes 12/4/2009 20:23:56
AEHELP.DLL : 8.1.7.5 237942 Bytes 12/4/2009 20:23:56
AEGEN.DLL : 8.1.1.78 364917 Bytes 12/4/2009 20:23:55
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 07:38:26
AECORE.DLL : 8.1.8.5 180598 Bytes 12/4/2009 20:23:55
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 07:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 15:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 10:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 15:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 10:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 08:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 10:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 15:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 12:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: 04 December 2009 20:25

Starting search for hidden objects.
'185213' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'SBCSSvc.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'McSACore.exe' - '1' Module(s) have been scanned
Scan process 'lxdpcoms.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'INSTAN~1.EXE' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[DETECTION] Contains code of the BOO/Sinowal.E boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[DETECTION] Contains code of the BOO/Sinowal.E boot sector virus
[NOTE] The boot sector was not written!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard11.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard13.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard22.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard23.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard24.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard28.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard30.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard33.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard35.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\HelpAssistant.USER-2A1DED054E\Local Settings\Application Data\Opera\Opera\cache\opr07GIR
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains suspicious code HEUR/HTML.Malware
C:\Documents and Settings\HelpAssistant.USER-2A1DED054E\Local Settings\Application Data\Opera\Opera\cache\opr09I8H
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains suspicious code HEUR/HTML.Malware
C:\Documents and Settings\HelpAssistant.USER-2A1DED054E\Local Settings\Application Data\Opera\Opera\cache\opr09IBC
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains suspicious code HEUR/HTML.Malware
C:\Documents and Settings\HelpAssistant.USER-2A1DED054E\Local Settings\Application Data\Opera\Opera\cache\opr09IMW
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains suspicious code HEUR/HTML.Malware
C:\Documents and Settings\HelpAssistant.USER-2A1DED054E\Local Settings\Application Data\Opera\Opera\cache\opr0AOL3
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains suspicious code HEUR/HTML.Malware
C:\Program Files\BroadJump\Client Foundation\CFD.exe
[DETECTION] Contains recognition pattern of the ADSPY/cfd.A.2 adware or spyware
Begin scan in 'F:\' <SCSI1_VOL1>
F:\10c9c84d53e54c593e4a1ad10f637c7d18.zip
[0] Archive type: ZIP
--> AVG.Anti-VirusProSE/keygen.exe
[DETECTION] Is the TR/Spirt.8 Trojan
F:\AVG.Anti-VirusProSE\keygen.exe
[DETECTION] Is the TR/Spirt.8 Trojan
F:\CounterSpy v2.1.0.917\CounterSpy v2.1.0.917 Patch.exe
[DETECTION] Is the TR/Patch.Z Trojan
F:\New Folder\GET MUSIC wwe raw 1998 live.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
F:\New Folder\Microsoft Publisher XP 2002 With Serial.zip
[0] Archive type: ZIP
--> Microsoft Publisher XP 2002/FILES/MOD/OFFICE1.CAB
[1] Archive type: CAB (Microsoft)
--> secmanag.CF96.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F
[WARNING] No further files can be extracted from this archive. The archive will be closed
F:\_OTL\MovedFiles\08142009_132943\New Folder\ash like snow.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
F:\_OTL\MovedFiles\08142009_132943\New Folder\deal or no deal.wav.wm
[DETECTION] Is the TR/Dldr.WMA.Wimad.A Trojan
F:\_OTL\MovedFiles\08142009_132943\New Folder\penelope cruz don't move.wmv
[DETECTION] Is the TR/Dldr.WMA.Wimad.A Trojan

Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard11.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4b7aae7e.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a13be5f.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard13.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a10b997.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard22.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a11b1cf.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard23.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a168907.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard24.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4b7aae7f.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard28.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48fe5978.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard30.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48ff5140.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard33.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48fda908.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard35.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48f0eeb0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4b7aae80.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48f6e141.qua'!
C:\Documents and Settings\HelpAssistant.USER-2A1DED054E\Local Settings\Application Data\Opera\Opera\cache\opr07GIR
[NOTE] The file was moved to '4b8bae7e.qua'!
C:\Documents and Settings\HelpAssistant.USER-2A1DED054E\Local Settings\Application Data\Opera\Opera\cache\opr09I8H
[NOTE] The file was moved to '4b8bae7f.qua'!
C:\Documents and Settings\HelpAssistant.USER-2A1DED054E\Local Settings\Application Data\Opera\Opera\cache\opr09IBC
[NOTE] The file was moved to '481ad828.qua'!
C:\Documents and Settings\HelpAssistant.USER-2A1DED054E\Local Settings\Application Data\Opera\Opera\cache\opr09IMW
[NOTE] The file was moved to '4819d0f0.qua'!
C:\Documents and Settings\HelpAssistant.USER-2A1DED054E\Local Settings\Application Data\Opera\Opera\cache\opr0AOL3
[NOTE] The file was moved to '481828b8.qua'!
C:\Program Files\BroadJump\Client Foundation\CFD.exe
[DETECTION] Contains recognition pattern of the ADSPY/cfd.A.2 adware or spyware
[NOTE] The file was moved to '4b5dae55.qua'!
F:\10c9c84d53e54c593e4a1ad10f637c7d18.zip
[NOTE] The file was moved to '4b7cae40.qua'!
F:\AVG.Anti-VirusProSE\keygen.exe
[DETECTION] Is the TR/Spirt.8 Trojan
[NOTE] The file was moved to '4b92ae75.qua'!
F:\CounterSpy v2.1.0.917\CounterSpy v2.1.0.917 Patch.exe
[DETECTION] Is the TR/Patch.Z Trojan
[NOTE] The file was moved to '4b8eae7f.qua'!
F:\New Folder\GET MUSIC wwe raw 1998 live.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
[NOTE] The file was moved to '4b6dae55.qua'!
F:\_OTL\MovedFiles\08142009_132943\New Folder\ash like snow.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4b81ae84.qua'!
F:\_OTL\MovedFiles\08142009_132943\New Folder\deal or no deal.wav.wm
[DETECTION] Is the TR/Dldr.WMA.Wimad.A Trojan
[NOTE] The file was moved to '4b7aae76.qua'!
F:\_OTL\MovedFiles\08142009_132943\New Folder\penelope cruz don't move.wmv
[DETECTION] Is the TR/Dldr.WMA.Wimad.A Trojan
[NOTE] The file was moved to '4b87ae76.qua'!


End of the scan: 05 December 2009 00:49
Used time: 3:53:50 Hour(s)

The scan has been done completely.

18032 Scanned directories
990870 Files were scanned
10 Viruses and/or unwanted programs were found
17 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
25 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
990843 Files not concerned
23771 Archives were scanned
4 Warnings
28 Notes
185213 Objects were scanned with rootkit scan
0 Hidden objects were found

Will update this reply with combofix log in an hour or so.

#4
arclight

Combofix log


ComboFix 09-12-04.02 - user 05/12/2009 1:41.5.1 - x86
Running from: F:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\fuxafaby.dll
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\kuhila.dat
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\okabuxa.bat
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\reco.db
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\rohugago.dat
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\uqoxycyle.ban
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\uvydug.bat
c:\documents and settings\user\Cookies\fuxafaby.dll
c:\documents and settings\user\Cookies\kuhila.dat
c:\documents and settings\user\Cookies\okabuxa.bat
c:\documents and settings\user\Cookies\reco.db
c:\documents and settings\user\Cookies\rohugago.dat
c:\documents and settings\user\Cookies\uqoxycyle.ban
c:\documents and settings\user\Cookies\uvydug.bat
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-04 20:20 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 20:20 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-04 20:20 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-04 20:20 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\program files\Avira
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-04 14:07 . 2009-01-02 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 14:07 . 2009-01-10 02:30 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 16:14 . 2009-01-02 02:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-02 02:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 12:33 . 2009-08-14 14:52 -------- d-----w- c:\program files\McAfee
2009-11-03 04:17 . 2009-09-30 21:37 -------- d-----w- c:\program files\Opera
2009-10-25 19:46 . 2009-10-25 19:46 -------- d-----w- c:\program files\Sun
2009-10-25 19:44 . 2008-10-08 23:41 -------- d-----w- c:\program files\Java
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\user\Application Data\JCreator
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\JCreator
2009-10-25 19:00 . 2009-10-25 19:00 -------- d-----w- c:\program files\Xinox Software
2009-10-14 16:42 . 2009-02-23 02:07 -------- d-----w- c:\program files\mkv2vob
2009-10-11 21:27 . 2007-09-07 00:16 -------- d-----w- c:\documents and settings\user\Application Data\Azureus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-10 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alarm Master.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Alarm Master.lnk
backup=c:\windows\pss\Alarm Master.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Azureusvuze\\Azureus.exe"=
"c:\\Program Files\\Azureus2\\Azureus.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [14/09/2007 18:27 15544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/12/2009 20:19 108289]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [14/08/2009 14:53 93320]
R3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [01/12/2007 07:16 98984]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 14:25 423576]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [08/12/2008 01:54 15104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [09/11/2003 10:34 45056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SBAPIFS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LeechGet - (no file)
AddRemove-Blaze Media Pro - c:\documents and settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}\setup_blazemp.exe REMOVE=TRUE MODIFY=FALSE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 02:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll >>UNKNOWN [0x82645E40]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf873afc3
\Driver\ACPI -> 0x82645e40
\Driver\atapi -> atapi.sys @ 0xf86657b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> 0x82682800
PacketIndicateHandler -> NDIS.sys @ 0xf857eb21
SendHandler -> NDIS.sys @ 0xf8572d33
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x04CAA48C
malicious code @ sector 0x04CAA48F !
PE file found in sector at 0x04CAA4A5 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6808)
c:\program files\Microsoft Office\Office10\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdpcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Sunbelt Software\CounterSpy\SBCSSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-12-05 03:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 03:17

Pre-Run: 15,805,865,984 bytes free
Post-Run: 15,716,782,080 bytes free

- - End Of File - - 98E1BCA04DF6B055A84C467FE5267C9F

#5
Thunderbird1988

Hello arclight,

According to Combofix, Sinowal is still present, but we will remove it.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

MBR::

MIA::

c:\windows\system32\userinit.exe
c:\windows\system32\proquota.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Thunderbird1988

#6
arclight

During ComboFix it asked me did I want to update ComboFix. I clicked no, but if I have to run it again should I accept the new update?



ComboFix 09-12-04.02 - user 05/12/2009 14:30.6.1 - x86
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe . . . is missing!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-05 13:25 . 2009-12-05 13:25 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-12-05 05:13 . 2009-12-05 05:13 160912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-05 05:12 . 2009-12-05 05:12 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-05 05:11 . 2009-12-05 05:11 -------- d-----w- c:\program files\Reference Assemblies
2009-12-05 05:10 . 2009-12-05 05:11 -------- d-----w- C:\e7241e681a8d2d600575b3588f74ab5f
2009-12-05 04:52 . 2009-12-05 04:52 -------- d-----w- c:\windows\ServicePackFiles
2009-12-04 20:20 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 20:20 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-04 20:20 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-04 20:20 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\program files\Avira
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 13:20 . 2009-07-12 00:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-05 04:58 . 2007-10-23 23:42 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-04 14:07 . 2009-01-02 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 14:07 . 2009-01-10 02:30 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 16:14 . 2009-01-02 02:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-02 02:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 12:33 . 2009-08-14 14:52 -------- d-----w- c:\program files\McAfee
2009-11-03 04:17 . 2009-09-30 21:37 -------- d-----w- c:\program files\Opera
2009-10-25 19:46 . 2009-10-25 19:46 -------- d-----w- c:\program files\Sun
2009-10-25 19:44 . 2008-10-08 23:41 -------- d-----w- c:\program files\Java
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\user\Application Data\JCreator
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\JCreator
2009-10-25 19:00 . 2009-10-25 19:00 -------- d-----w- c:\program files\Xinox Software
2009-10-14 16:42 . 2009-02-23 02:07 -------- d-----w- c:\program files\mkv2vob
2009-10-11 21:27 . 2007-09-07 00:16 -------- d-----w- c:\documents and settings\user\Application Data\Azureus
.

((((((((((((((((((((((((((((( SnapShot@2009-12-05_02.45.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 19:41 . 2009-07-11 19:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-12-05 15:28 . 2009-12-05 15:28 16384 c:\windows\Temp\Perflib_Perfdata_6c8.dat
+ 2006-02-28 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2006-02-28 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2008-04-23 00:55 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2008-07-29 19:59 . 2008-07-29 19:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 39424 c:\windows\system32\pngfilt.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 39424 c:\windows\system32\pngfilt.dll
+ 2006-02-28 12:00 . 2009-12-05 05:19 88760 c:\windows\system32\perfc009.dat
+ 2008-07-25 11:17 . 2008-07-25 11:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 83968 c:\windows\system32\mscories.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 16384 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 16384 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 96256 c:\windows\system32\inseng.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 96256 c:\windows\system32\inseng.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 97800 c:\windows\system32\infocardapi.dll
- 2008-10-08 22:45 . 2009-04-29 04:52 81920 c:\windows\system32\ieencode.dll
+ 2008-10-08 22:45 . 2009-06-26 16:18 81920 c:\windows\system32\ieencode.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 11264 c:\windows\system32\icardres.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 55808 c:\windows\system32\extmgr.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 55808 c:\windows\system32\extmgr.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 73720 c:\windows\system32\dxva2.dll
+ 2006-02-28 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2006-02-28 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2006-02-28 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2006-02-28 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-02-28 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2006-02-28 12:00 . 2009-06-26 16:18 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 96256 c:\windows\system32\dllcache\inseng.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 96256 c:\windows\system32\dllcache\inseng.dll
+ 2008-10-08 22:45 . 2009-06-26 16:18 81920 c:\windows\system32\dllcache\ieencode.dll
- 2008-10-08 22:45 . 2009-04-29 04:52 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2007-09-04 20:55 . 2009-06-22 11:38 18432 c:\windows\system32\dllcache\iedw.exe
- 2007-09-04 20:55 . 2009-04-27 09:17 18432 c:\windows\system32\dllcache\iedw.exe
+ 2007-03-22 19:24 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 55808 c:\windows\system32\dllcache\extmgr.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-02-28 12:00 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 84992 c:\windows\system32\dllcache\avifil32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2006-02-28 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 96760 c:\windows\system32\dfshim.dll
+ 2006-02-28 12:00 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 84992 c:\windows\system32\avifil32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 58880 c:\windows\system32\atl.dll
+ 2006-02-28 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 21:10 . 2008-07-29 21:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 19:59 . 2008-07-29 19:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 19:32 . 2008-07-29 19:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 11:17 . 2008-07-25 11:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-29 21:07 . 2008-07-29 21:07 23040 c:\windows\Installer\8ac237.msp
+ 2009-12-05 05:07 . 2009-12-05 05:07 88576 c:\windows\Installer\832495.msi
+ 2009-12-05 05:10 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-12-05 15:00 . 2009-12-05 15:00 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\80665505e0ef175bd8b287325123b7c8\VSLangProj.ni.dll
+ 2009-12-05 13:43 . 2009-12-05 13:43 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f7af0aaadb179432bcdea05fa942261f\System.Windows.Presentation.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a88497839ef16fad00d3767e03ac380e\System.Web.DynamicData.Design.ni.dll
+ 2009-12-05 14:48 . 2009-12-05 14:48 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-12-05 14:48 . 2009-12-05 14:48 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-12-05 13:22 . 2009-12-05 13:22 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-12-05 05:21 . 2009-12-05 05:21 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-12-05 14:43 . 2009-12-05 14:43 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\662721fa02be6885737a05d1f808ff09\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ec83ec80653eb20ccc6ed42075c90aee\Microsoft.VisualC.ni.dll
+ 2009-12-05 14:42 . 2009-12-05 14:42 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5f191a0a1898e6a24c126ae4a7110472\Microsoft.SqlServer.CustomControls.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-12-05 14:39 . 2009-12-05 14:39 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-12-05 05:11 . 2009-12-05 05:11 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-12-05 05:11 . 2009-12-05 05:11 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-12-05 05:11 . 2009-12-05 05:11 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-02-23 20:05 . 2009-02-23 20:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-12-05 04:52 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll
+ 2009-12-05 04:52 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973815\spmsg.dll
+ 2009-12-05 05:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll
+ 2009-12-05 05:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973507\spmsg.dll
+ 2009-07-17 19:25 . 2009-07-17 19:25 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\$hf_mig$\KB973507\SP3GDR\atl.dll
+ 2009-07-17 18:43 . 2009-07-17 18:43 58880 c:\windows\$hf_mig$\KB973507\SP2QFE\atl.dll
+ 2009-12-05 05:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB972260\update\spcustom.dll
+ 2009-12-05 05:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB972260\spmsg.dll
+ 2009-06-26 16:42 . 2009-06-26 16:42 81920 c:\windows\$hf_mig$\KB972260\SP3QFE\ieencode.dll
+ 2009-06-26 16:50 . 2009-06-26 16:50 81920 c:\windows\$hf_mig$\KB972260\SP3GDR\ieencode.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 39424 c:\windows\$hf_mig$\KB972260\SP2QFE\pngfilt.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 16384 c:\windows\$hf_mig$\KB972260\SP2QFE\jsproxy.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 96256 c:\windows\$hf_mig$\KB972260\SP2QFE\inseng.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 81920 c:\windows\$hf_mig$\KB972260\SP2QFE\ieencode.dll
+ 2009-06-22 11:40 . 2009-06-22 11:40 18432 c:\windows\$hf_mig$\KB972260\SP2QFE\iedw.exe
+ 2009-06-26 15:59 . 2009-06-26 15:59 55808 c:\windows\$hf_mig$\KB972260\SP2QFE\extmgr.dll
+ 2009-12-05 05:22 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll
+ 2009-12-05 05:22 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971657\spmsg.dll
+ 2009-12-05 05:22 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971557\update\spcustom.dll
+ 2009-12-05 05:22 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971557\spmsg.dll
+ 2009-06-10 14:01 . 2009-06-10 14:01 84992 c:\windows\$hf_mig$\KB971557\SP3QFE\avifil32.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\$hf_mig$\KB971557\SP3GDR\avifil32.dll
+ 2009-06-10 14:52 . 2009-06-10 14:52 84992 c:\windows\$hf_mig$\KB971557\SP2QFE\avifil32.dll
+ 2009-12-05 05:23 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB960859\update\spcustom.dll
+ 2009-12-05 05:23 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB960859\spmsg.dll
+ 2009-06-12 12:03 . 2009-06-12 12:03 80896 c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe
+ 2009-06-12 12:03 . 2009-06-12 12:03 76288 c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\$hf_mig$\KB960859\SP3GDR\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\$hf_mig$\KB960859\SP3GDR\telnet.exe
+ 2009-06-12 11:49 . 2009-06-12 11:49 80896 c:\windows\$hf_mig$\KB960859\SP2QFE\tlntsess.exe
+ 2009-06-12 11:49 . 2009-06-12 11:49 76288 c:\windows\$hf_mig$\KB960859\SP2QFE\telnet.exe
+ 2009-12-05 05:18 . 2009-12-05 05:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-12-05 01:41 . 2009-12-05 14:01 3004 c:\windows\SoftwareDistribution\EventCache\{10E9E802-0028-4A1B-941F-40611C327E23}.bin
+ 2008-07-29 23:40 . 2008-07-29 23:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2009-12-05 05:14 . 2009-12-05 05:14 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-02-23 20:05 . 2009-02-23 20:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 02:19 . 2007-11-07 02:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 02:19 . 2007-11-07 02:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 21:23 . 2007-11-06 21:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-29 21:26 . 2008-07-29 21:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2007-03-23 05:07 . 2008-07-06 12:06 575488 c:\windows\system32\xpsshhdr.dll
+ 2007-09-04 21:01 . 2009-06-22 11:26 352768 c:\windows\system32\xpsp3res.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 233472 c:\windows\system32\wmpdxm.dll
+ 2006-02-28 12:00 . 2009-07-13 01:18 233472 c:\windows\system32\wmpdxm.dll
- 2006-02-28 12:00 . 2006-08-17 12:28 132096 c:\windows\system32\wkssvc.dll
+ 2006-02-28 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 659456 c:\windows\system32\wininet.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 659456 c:\windows\system32\wininet.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 616448 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 616448 c:\windows\system32\urlmon.dll
+ 2008-07-29 19:59 . 2008-07-29 19:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2007-03-22 19:25 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2007-03-22 20:03 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
- 2007-03-22 20:03 . 2007-03-22 20:03 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2007-03-22 20:03 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2007-03-22 19:24 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2007-03-22 19:24 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2007-03-22 19:24 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 474112 c:\windows\system32\shlwapi.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 474112 c:\windows\system32\shlwapi.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2007-03-22 19:25 . 2008-07-06 12:06 117760 c:\windows\system32\prntvpt.dll
+ 2008-07-29 19:59 . 2008-07-29 19:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-29 20:35 . 2008-07-29 20:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 19:59 . 2008-07-29 19:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-02-28 12:00 . 2009-12-05 05:19 487700 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 133632 c:\windows\system32\msv1_0.dll
+ 2007-09-04 20:53 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 532480 c:\windows\system32\mstime.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 532480 c:\windows\system32\mstime.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 146432 c:\windows\system32\msrating.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 146432 c:\windows\system32\msrating.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 449024 c:\windows\system32\mshtmled.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 449024 c:\windows\system32\mshtmled.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 158720 c:\windows\system32\mscorier.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 282112 c:\windows\system32\mscoree.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 251392 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 251392 c:\windows\system32\iepeers.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 622080 c:\windows\system32\icardagt.exe
+ 2007-09-04 21:38 . 2009-12-05 13:20 269392 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-29 21:10 . 2008-07-29 21:10 493048 c:\windows\system32\evr.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 205312 c:\windows\system32\dxtrans.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 205312 c:\windows\system32\dxtrans.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 357888 c:\windows\system32\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 357888 c:\windows\system32\dxtmsft.dll
+ 2007-03-23 05:07 . 2008-07-06 12:06 575488 c:\windows\system32\dllcache\xpsshhdr.dll
+ 2006-02-28 12:00 . 2009-07-13 01:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-02-28 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2006-02-28 12:00 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 659456 c:\windows\system32\dllcache\wininet.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 659456 c:\windows\system32\dllcache\wininet.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 616448 c:\windows\system32\dllcache\urlmon.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
+ 2007-03-22 19:25 . 2008-07-06 10:50 597504 c:\windows\system32\dllcache\printfilterpipelinesvc.exe
+ 2006-02-28 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-09-04 20:53 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 532480 c:\windows\system32\dllcache\mstime.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 151040 c:\windows\system32\dllcache\cdfview.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 151040 c:\windows\system32\cdfview.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 151040 c:\windows\system32\cdfview.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-12-05 05:13 . 2009-12-05 05:13 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 18:47 . 2008-07-29 18:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 18:47 . 2008-07-29 18:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-29 23:15 . 2008-07-29 23:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-29 23:40 . 2008-07-29 23:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-29 20:35 . 2008-07-29 20:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-29 19:59 . 2008-07-29 19:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 04:59 . 2008-11-25 04:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 648192 c:\windows\Installer\8d0c1c.msi
+ 2008-07-29 21:23 . 2008-07-29 21:23 250880 c:\windows\Installer\8ac240.msp
+ 2008-07-29 21:28 . 2008-07-29 21:28 278016 c:\windows\Installer\8ac23e.msp
+ 2008-07-29 19:40 . 2008-07-29 19:40 291840 c:\windows\Installer\8ac23c.msp
+ 2009-12-05 05:12 . 2009-12-05 05:12 137728 c:\windows\Installer\8ac236.msi
+ 2008-07-29 17:35 . 2008-07-29 17:35 553472 c:\windows\Installer\83249a.msp
+ 2008-07-29 17:33 . 2008-07-29 17:33 506368 c:\windows\Installer\832498.msp
+ 2008-07-29 17:37 . 2008-07-29 17:37 911360 c:\windows\Installer\832497.msp
+ 2009-12-05 05:00 . 2009-12-05 05:00 817152 c:\windows\Installer\78cc29.msi
+ 2009-12-05 04:52 . 2009-12-05 04:52 248832 c:\windows\Installer\78cc07.msi
+ 2009-12-05 05:10 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2009-12-05 05:10 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-12-05 05:10 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2009-12-05 05:10 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-12-05 05:10 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2009-12-05 14:37 . 2009-12-05 14:37 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-12-05 13:45 . 2009-12-05 13:45 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a83372e5cbc4042b620166dd5350d85f\WindowsFormsIntegration.ni.dll
+ 2009-12-05 13:43 . 2009-12-05 13:43 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-12-05 13:42 . 2009-12-05 13:42 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-12-05 15:00 . 2009-12-05 15:00 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-12-05 14:57 . 2009-12-05 14:57 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f65fb8be2e362734f53fbb9dc35f26e2\System.Web.Extensions.Design.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4dae0afee576eae5e2d581da2a9796c7\System.Web.Entity.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4c80451cab9ed54fe57833031f1dd839\System.Web.Entity.Design.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 543232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\eeaf56aa1bd6d24e36030b39a5c47548\System.Web.DynamicData.ni.dll
+ 2009-12-05 14:57 . 2009-12-05 14:57 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-12-05 14:56 . 2009-12-05 14:56 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-12-05 14:56 . 2009-12-05 14:56 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-12-05 14:33 . 2009-12-05 14:33 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-12-05 14:32 . 2009-12-05 14:32 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-12-05 13:39 . 2009-12-05 13:39 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-12-05 14:53 . 2009-12-05 14:53 940032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bd901a9bae6a3da584d7967a671a9ebc\System.Data.Services.Client.ni.dll
+ 2009-12-05 14:54 . 2009-12-05 14:54 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\256b00658cc130c386896268a71b620c\System.Data.Services.Design.ni.dll
+ 2009-12-05 14:50 . 2009-12-05 14:50 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-12-05 14:48 . 2009-12-05 14:48 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-12-05 14:48 . 2009-12-05 14:48 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-12-05 14:37 . 2009-12-05 14:37 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-12-05 14:37 . 2009-12-05 14:37 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-12-05 14:37 . 2009-12-05 14:37 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-12-05 13:33 . 2009-12-05 13:33 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\92748439cdac6ddf0f44ea37c80f86e6\PresentationFramework.Luna.ni.dll
+ 2009-12-05 13:33 . 2009-12-05 13:33 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\64e2cac1a876e4a95db852f4bd7745b0\PresentationFramework.Aero.ni.dll
+ 2009-12-05 13:33 . 2009-12-05 13:33 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a14da1535de3ee3408f5595770ceb6\PresentationFramework.Royale.ni.dll
+ 2009-12-05 13:33 . 2009-12-05 13:33 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1d02316b59717479d61ce0ddba9af4b1\PresentationFramework.Classic.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 895488 c:\windows\assembly\NativeImages_v2.0.50727_32\msvcm80\1ccc0a3f78a0244fd409e393b07a50bb\msvcm80.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-12-05 14:48 . 2009-12-05 14:48 821760 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f4cd2f329f679b71075b16cbaa2f8b33\Microsoft.VisualStudio.Windows.Forms.ni.dll
+ 2009-12-05 14:44 . 2009-12-05 14:44 996352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e59f198d4fc72e477fbc898c8afda703\Microsoft.VisualStudio.VirtualTreeGrid.ni.dll
+ 2009-12-05 14:45 . 2009-12-05 14:45 823808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e1cfcf7696c8d8bc8932bf904f96f6b1\Microsoft.VisualStudio.Shell.ni.dll
+ 2009-12-05 14:47 . 2009-12-05 14:47 369664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ce16c16ffe3e5854a1991a4cf5286a7d\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2009-12-05 14:42 . 2009-12-05 14:42 666112 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\baf6cf9238c30b5b3895f49dbeca148b\Microsoft.VisualStudio.ni.dll
+ 2009-12-05 14:47 . 2009-12-05 14:47 595968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b9e89d784d8d93fde507e55f3d738d1a\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2009-12-05 14:45 . 2009-12-05 14:45 773632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8614f9f033f630956c2e924ba8edfa8e\Microsoft.VisualStudio.Modeling.ArtifactMapper.ni.dll
+ 2009-12-05 14:47 . 2009-12-05 14:47 306176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\472373a9478ff5e8f55a04439da6366d\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2009-12-05 14:43 . 2009-12-05 14:43 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\27ac14de9a5086cdfeeda114af2abac3\Microsoft.VisualStudio.Configuration.ni.dll
+ 2009-12-05 14:45 . 2009-12-05 14:45 176128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\17d09a3622beafbbdafef82ebc49daab\Microsoft.VisualStudio.EnterpriseTools.ni.dll
+ 2009-12-05 14:37 . 2009-12-05 14:37 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-12-05 14:42 . 2009-12-05 14:42 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ed8ccc800ee6aebaaa48658a069f8bd5\Microsoft.SqlServer.GridControl.ni.dll
+ 2009-12-05 14:42 . 2009-12-05 14:42 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a0ede67a0c21b491d0cfe8dc4a343243\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2009-12-05 14:42 . 2009-12-05 14:42 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3ce0561b625697388a542557ef967253\Microsoft.SqlServer.Setup.ni.dll
+ 2009-12-05 14:42 . 2009-12-05 14:42 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\ab0fa478df45e38225090c1deff0e6fd\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 369664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\9a6da6a62d18cf09b80d7312e891dfea\Microsoft.CompactFramework.Design.SmartPhone.ni.dll
+ 2009-12-05 14:42 . 2009-12-05 14:42 461824 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\5bdbdaee64f4ae7092568da893991efe\Microsoft.CompactFramework.Design.WindowsCE.ni.dll
+ 2009-12-05 14:42 . 2009-12-05 14:42 483840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\29a51e0d755cb925201d7815cb3d7532\Microsoft.CompactFramework.Design.PocketPC.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\159ec4b66221775e0d2adfb40f4cc031\EnvDTE80.ni.dll
+ 2009-12-05 14:39 . 2009-12-05 14:39 573440 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\8eadb955cd57140f56d66ed4b84705a6\EnvDTE.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-12-05 14:36 . 2009-12-05 14:36 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-12-05 14:39 . 2009-12-05 14:39 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-02-23 20:05 . 2009-02-23 20:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 225280 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-10 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alarm Master.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Alarm Master.lnk
backup=c:\windows\pss\Alarm Master.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Azureusvuze\\Azureus.exe"=
"c:\\Program Files\\Azureus2\\Azureus.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [14/09/2007 18:27 15544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/12/2009 20:19 108289]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [14/08/2009 14:53 93320]
R3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [01/12/2007 07:16 98984]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 14:25 423576]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [08/12/2008 01:54 15104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [09/11/2003 10:34 45056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SBAPIFS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 15:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6284)
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdpcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Sunbelt Software\CounterSpy\SBCSSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-12-05 15:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 15:48
ComboFix2.txt 2009-12-05 03:17

Pre-Run: 15,447,838,720 bytes free
Post-Run: 15,280,009,216 bytes free

- - End Of File - - 20A412DD28DC578AFF266817BC1331E7




CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\club1.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\club3.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department.sln
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department.suo
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\classdiagram1.cd
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club1.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club1dataset.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club1dataset.xsc
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club1dataset.xsd
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club1dataset.xss
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club3.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club3dataset.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club3dataset.xsc
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club3dataset.xsd
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club3dataset.xss
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club4.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club4dataset.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club4dataset.xsc
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club4dataset.xsd
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\club4dataset.xss
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\clubdataset.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\clubdataset.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\clubdataset.xsc
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\clubdataset.xsd
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\clubdataset.xss
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\department.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\department.vbproj
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\departmentdataset.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\departmentdataset.xsc
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\departmentdataset.xsd
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\departmentdataset.xss
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\form1.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\form1.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\form1.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmabout.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmabout.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmabout.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmfight.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmfight.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmfight.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmfind.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmfind.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmfind.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmhelp.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmhelp.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmhelp.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmlogon.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmlogon.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmlogon.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmmenu.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmmenu.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmmenu.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmprint.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmprint.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmprint.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmprinthelp.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmprinthelp.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmprinthelp.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmquery.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmquery.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmquery.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmupdate.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmupdate.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmupdate.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmwelcome.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmwelcome.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\frmwelcome.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\bin\debug\club.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\bin\debug\club1.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\bin\debug\club3.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\bin\debug\club4.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\bin\debug\department.mdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\bin\debug\department.pdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\bin\debug\department.xml
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\my project\application.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\my project\application.myapp
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\my project\assemblyinfo.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\my project\resources.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\my project\resources.resx
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\my project\settings.designer.vb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\my project\settings.settings
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\department.vbproj.filelist.txt
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.form1.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmabout.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmfight.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmfind.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmhelp.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmlogon.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmmenu.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmprint.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmprinthelp.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmquery.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmupdate.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.frmwelcome.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.pdb
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.resources.resources
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.vbproj.generateresource.cache
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\department.xml
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\obj\debug\resolveassemblyreference.cache
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\crack\departmentfedor\department\resources\thumbs.db
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\-[mininova[1].org]- adobe.fireworks.cs3.v9.0.1188.keygen.internal-ssg.torrent
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\-[mininova[1].org]- avg.anti-virus.v7.1.362.keygen-ssg.torrent
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\=mininova[1].org= adobe.photoshop.cs3.v10.0.extended.keygen.only.internal.read.nfo-ssg.nt.torrent
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\avg[1].anti-virus.professional.v7.5.423.810.incl.keygen-ssg.rar.rar [mybittorrent.com].torrent
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\avg[1].anti-virus.v7.1.362.keygen-ssg -[mininova.org]-.torrent
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\b-mininova[1].org-d avg 7.5 antivirus =keygen.torrent
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\[isohunt] avg[1].anti-virus.v7.1.405.791.incl.keygen-ssg.torrent
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\[isohunt] sony_acid_pro_6_including_keygen[1].3829109.tpb.torrent
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\^mininova[1].org^' avg anti-virus professional edition 7.5.484 incl keygen.torrent
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\~www[1].worldnova.org~avg_anti_virus_v7_1_405_781_incl_keygen_ssg.torrent
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\[aone]_naruto_51_75\avg[1].anti-virus.v7.1.362.keygen-ssg [mininova].torrent
c:\documents and settings\helpassistant.user-2a1ded054e\my documents\azureus downloads\avg.anti-virus.v7.1.362.keygen-ssg\keygen.exe
c:\documents and settings\helpassistant.user-2a1ded054e\my documents\azureus downloads\avg.anti-virus.v7.1.362.keygen-ssg\ssg.nfo
c:\documents and settings\user\desktop\stopzilla! v3.1.0.7 + crack (pop up blocker and the code works!!).zip
c:\documents and settings\user\desktop\crack\departmentfedor\club1.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\club3.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department.sln
c:\documents and settings\user\desktop\crack\departmentfedor\department.suo
c:\documents and settings\user\desktop\crack\departmentfedor\department\classdiagram1.cd
c:\documents and settings\user\desktop\crack\departmentfedor\department\club.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\club1.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\club1dataset.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\club1dataset.xsc
c:\documents and settings\user\desktop\crack\departmentfedor\department\club1dataset.xsd
c:\documents and settings\user\desktop\crack\departmentfedor\department\club1dataset.xss
c:\documents and settings\user\desktop\crack\departmentfedor\department\club3.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\club3dataset.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\club3dataset.xsc
c:\documents and settings\user\desktop\crack\departmentfedor\department\club3dataset.xsd
c:\documents and settings\user\desktop\crack\departmentfedor\department\club3dataset.xss
c:\documents and settings\user\desktop\crack\departmentfedor\department\club4.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\club4dataset.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\club4dataset.xsc
c:\documents and settings\user\desktop\crack\departmentfedor\department\club4dataset.xsd
c:\documents and settings\user\desktop\crack\departmentfedor\department\club4dataset.xss
c:\documents and settings\user\desktop\crack\departmentfedor\department\clubdataset.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\clubdataset.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\clubdataset.xsc
c:\documents and settings\user\desktop\crack\departmentfedor\department\clubdataset.xsd
c:\documents and settings\user\desktop\crack\departmentfedor\department\clubdataset.xss
c:\documents and settings\user\desktop\crack\departmentfedor\department\department.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\department.vbproj
c:\documents and settings\user\desktop\crack\departmentfedor\department\departmentdataset.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\departmentdataset.xsc
c:\documents and settings\user\desktop\crack\departmentfedor\department\departmentdataset.xsd
c:\documents and settings\user\desktop\crack\departmentfedor\department\departmentdataset.xss
c:\documents and settings\user\desktop\crack\departmentfedor\department\form1.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\form1.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\form1.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmabout.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmabout.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmabout.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmfight.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmfight.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmfight.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmfind.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmfind.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmfind.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmhelp.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmhelp.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmhelp.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmlogon.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmlogon.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmlogon.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmmenu.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmmenu.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmmenu.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmprint.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmprint.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmprint.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmprinthelp.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmprinthelp.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmprinthelp.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmquery.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmquery.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmquery.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmupdate.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmupdate.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmupdate.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmwelcome.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmwelcome.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\frmwelcome.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\bin\debug\club.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\bin\debug\club1.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\bin\debug\club3.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\bin\debug\club4.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\bin\debug\department.mdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\bin\debug\department.pdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\bin\debug\department.xml
c:\documents and settings\user\desktop\crack\departmentfedor\department\my project\application.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\my project\application.myapp
c:\documents and settings\user\desktop\crack\departmentfedor\department\my project\assemblyinfo.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\my project\resources.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\my project\resources.resx
c:\documents and settings\user\desktop\crack\departmentfedor\department\my project\settings.designer.vb
c:\documents and settings\user\desktop\crack\departmentfedor\department\my project\settings.settings
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\department.vbproj.filelist.txt
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.form1.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmabout.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmfight.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmfind.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmhelp.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmlogon.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmmenu.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmprint.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmprinthelp.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmquery.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmupdate.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.frmwelcome.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.pdb
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.resources.resources
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.vbproj.generateresource.cache
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\department.xml
c:\documents and settings\user\desktop\crack\departmentfedor\department\obj\debug\resolveassemblyreference.cache
c:\documents and settings\user\desktop\crack\departmentfedor\department\resources\thumbs.db
c:\documents and settings\user\desktop\downloads\-[mininova[1].org]- adobe.fireworks.cs3.v9.0.1188.keygen.internal-ssg.torrent
c:\documents and settings\user\desktop\downloads\-[mininova[1].org]- avg.anti-virus.v7.1.362.keygen-ssg.torrent
c:\documents and settings\user\desktop\downloads\=mininova[1].org= adobe.photoshop.cs3.v10.0.extended.keygen.only.internal.read.nfo-ssg.nt.torrent
c:\documents and settings\user\desktop\downloads\avg[1].anti-virus.professional.v7.5.423.810.incl.keygen-ssg.rar.rar [mybittorrent.com].torrent
c:\documents and settings\user\desktop\downloads\avg[1].anti-virus.v7.1.362.keygen-ssg -[mininova.org]-.torrent
c:\documents and settings\user\desktop\downloads\b-mininova[1].org-d avg 7.5 antivirus =keygen.torrent
c:\documents and settings\user\desktop\downloads\[isohunt] avg[1].anti-virus.v7.1.405.791.incl.keygen-ssg.torrent
c:\documents and settings\user\desktop\downloads\[isohunt] sony_acid_pro_6_including_keygen[1].3829109.tpb.torrent
c:\documents and settings\user\desktop\downloads\^mininova[1].org^' avg anti-virus professional edition 7.5.484 incl keygen.torrent
c:\documents and settings\user\desktop\downloads\~www[1].worldnova.org~avg_anti_virus_v7_1_405_781_incl_keygen_ssg.torrent
c:\documents and settings\user\desktop\[aone]_naruto_51_75\avg[1].anti-virus.v7.1.362.keygen-ssg [mininova].torrent
c:\documents and settings\user\my documents\azureus downloads\avg.anti-virus.v7.1.362.keygen-ssg\keygen.exe
c:\documents and settings\user\my documents\azureus downloads\avg.anti-virus.v7.1.362.keygen-ssg\ssg.nfo
c:\program files\java\jdk1.6.0_16\docs\api\java\security\spec\rsakeygenparameterspec.html
c:\program files\java\jdk1.6.0_16\docs\api\java\security\spec\class-use\rsakeygenparameterspec.html
c:\program files\java\jdk1.6.0_16\docs\api\javax\crypto\keygenerator.html
c:\program files\java\jdk1.6.0_16\docs\api\javax\crypto\keygeneratorspi.html
c:\program files\java\jdk1.6.0_16\docs\api\javax\crypto\class-use\keygenerator.html
c:\program files\java\jdk1.6.0_16\docs\api\javax\crypto\class-use\keygeneratorspi.html
scanner sequence 3.ZZ.11
----- EOF -----

Edited by arclight, 05 December 2009 - 12:16 PM.


#7
Thunderbird1988

Hello arclight,

You should really stop using cracks and keygens because most of the time they contain viruses. Also, the use of them is illegal in many countries.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\-[mininova[1].org]- adobe.fireworks.cs3.v9.0.1188.keygen.internal-ssg.torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\-[mininova[1].org]- avg.anti-virus.v7.1.362.keygen-ssg.torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\=mininova[1].org= adobe.photoshop.cs3.v10.0.extended.keygen.only.internal.read.nfo-ssg.nt.torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\avg[1].anti-virus.professional.v7.5.423.810.incl.keygen-ssg.rar.rar [mybittorrent.com].torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\avg[1].anti-virus.v7.1.362.keygen-ssg -[mininova.org]-.torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\b-mininova[1].org-d avg 7.5 antivirus =keygen.torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\[isohunt] avg[1].anti-virus.v7.1.405.791.incl.keygen-ssg.torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\[isohunt] sony_acid_pro_6_including_keygen[1].3829109.tpb.torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\^mininova[1].org^' avg anti-virus professional edition 7.5.484 incl keygen.torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\~www[1].worldnova.org~avg_anti_virus_v7_1_405_781_incl_keygen_ssg.torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\desktop\[aone]_naruto_51_75\avg[1].anti-virus.v7.1.362.keygen-ssg [mininova].torrent
    c:\documents and settings\helpassistant.user-2a1ded054e\my documents\azureus downloads\avg.anti-virus.v7.1.362.keygen-ssg
    c:\documents and settings\user\desktop\stopzilla! v3.1.0.7 + crack (pop up blocker and the code works!!).zip
    c:\documents and settings\user\desktop\downloads\-[mininova[1].org]- adobe.fireworks.cs3.v9.0.1188.keygen.internal-ssg.torrent
    c:\documents and settings\user\desktop\downloads\-[mininova[1].org]- avg.anti-virus.v7.1.362.keygen-ssg.torrent
    c:\documents and settings\user\desktop\downloads\=mininova[1].org= adobe.photoshop.cs3.v10.0.extended.keygen.only.internal.read.nfo-ssg.nt.torrent
    c:\documents and settings\user\desktop\downloads\avg[1].anti-virus.professional.v7.5.423.810.incl.keygen-ssg.rar.rar [mybittorrent.com].torrent
    c:\documents and settings\user\desktop\downloads\avg[1].anti-virus.v7.1.362.keygen-ssg -[mininova.org]-.torrent
    c:\documents and settings\user\desktop\downloads\b-mininova[1].org-d avg 7.5 antivirus =keygen.torrent
    c:\documents and settings\user\desktop\downloads\[isohunt] avg[1].anti-virus.v7.1.405.791.incl.keygen-ssg.torrent
    c:\documents and settings\user\desktop\downloads\[isohunt] sony_acid_pro_6_including_keygen[1].3829109.tpb.torrent
    c:\documents and settings\user\desktop\downloads\^mininova[1].org^' avg anti-virus professional edition 7.5.484 incl keygen.torrent
    c:\documents and settings\user\desktop\downloads\~www[1].worldnova.org~avg_anti_virus_v7_1_405_781_incl_keygen_ssg.torrent
    c:\documents and settings\user\desktop\[aone]_naruto_51_75\avg[1].anti-virus.v7.1.362.keygen-ssg [mininova].torrent
    c:\documents and settings\user\my documents\azureus downloads\avg.anti-virus.v7.1.362.keygen-ssg
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • After the reboot, a notepad-window with the OTL log will pop up, please post the log.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *proquota*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Thunderbird1988

#8
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
All processes killed
========== FILES ==========
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\-[mininova[1].org]- Adobe.Fireworks.CS3.v9.0.1188.Keygen.INTERNAL-SSG.torrent moved successfully.
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\-[mininova[1].org]- AVG.Anti-Virus.v7.1.362.Keygen-SSG.torrent moved successfully.
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\=mininova[1].org= Adobe.Photoshop.CS3.v10.0.Extended.Keygen.Only.INTERNAL.READ.NFO-SSG.NT.torrent moved successfully.
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\AVG[1].Anti-Virus.Professional.v7.5.423.810.Incl.Keygen-SSG.rar.rar [myBittorrent.com].torrent moved successfully.
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\AVG[1].Anti-Virus.v7.1.362.Keygen-SSG -[mininova.org]-.torrent moved successfully.
File\Folder c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\b-mininova[1].org-d avg 7.5 antivirus =keygen.torrent not found.
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\[isoHunt] AVG[1].Anti-Virus.v7.1.405.791.Incl.Keygen-SSG.torrent moved successfully.
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\[isoHunt] Sony_Acid_Pro_6_Including_Keygen[1].3829109.TPB.torrent moved successfully.
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\^mininova[1].org^' AVG Anti-Virus Professional Edition 7.5.484 Incl Keygen.torrent moved successfully.
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\downloads\~www[1].worldnova.org~AVG_Anti_Virus_v7_1_405_781_Incl_Keygen_SSG.torrent moved successfully.
c:\documents and settings\helpassistant.user-2a1ded054e\desktop\[aone]_naruto_51_75\AVG[1].Anti-Virus.v7.1.362.Keygen-SSG [mininova].torrent moved successfully.
c:\documents and settings\helpassistant.user-2a1ded054e\my documents\azureus downloads\AVG.Anti-Virus.v7.1.362.Keygen-SSG folder moved successfully.
c:\documents and settings\user\desktop\STOPzilla! v3.1.0.7 + Crack (pop up blocker and the code works!!).zip moved successfully.
c:\documents and settings\user\desktop\downloads\-[mininova[1].org]- Adobe.Fireworks.CS3.v9.0.1188.Keygen.INTERNAL-SSG.torrent moved successfully.
c:\documents and settings\user\desktop\downloads\-[mininova[1].org]- AVG.Anti-Virus.v7.1.362.Keygen-SSG.torrent moved successfully.
c:\documents and settings\user\desktop\downloads\=mininova[1].org= Adobe.Photoshop.CS3.v10.0.Extended.Keygen.Only.INTERNAL.READ.NFO-SSG.NT.torrent moved successfully.
c:\documents and settings\user\desktop\downloads\AVG[1].Anti-Virus.Professional.v7.5.423.810.Incl.Keygen-SSG.rar.rar [myBittorrent.com].torrent moved successfully.
c:\documents and settings\user\desktop\downloads\AVG[1].Anti-Virus.v7.1.362.Keygen-SSG -[mininova.org]-.torrent moved successfully.
File\Folder c:\documents and settings\user\desktop\downloads\b-mininova[1].org-d avg 7.5 antivirus =keygen.torrent not found.
c:\documents and settings\user\desktop\downloads\[isoHunt] AVG[1].Anti-Virus.v7.1.405.791.Incl.Keygen-SSG.torrent moved successfully.
c:\documents and settings\user\desktop\downloads\[isoHunt] Sony_Acid_Pro_6_Including_Keygen[1].3829109.TPB.torrent moved successfully.
c:\documents and settings\user\desktop\downloads\^mininova[1].org^' AVG Anti-Virus Professional Edition 7.5.484 Incl Keygen.torrent moved successfully.
c:\documents and settings\user\desktop\downloads\~www[1].worldnova.org~AVG_Anti_Virus_v7_1_405_781_Incl_Keygen_SSG.torrent moved successfully.
c:\documents and settings\user\desktop\[aone]_naruto_51_75\AVG[1].Anti-Virus.v7.1.362.Keygen-SSG [mininova].torrent moved successfully.
c:\documents and settings\user\my documents\azureus downloads\AVG.Anti-Virus.v7.1.362.Keygen-SSG folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: HelpAssistant.USER-2A1DED054E
->Temp folder emptied: 548000 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50514420 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: user
->Temp folder emptied: 1135 bytes
->Temporary Internet Files folder emptied: 91282 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 33390 bytes

Total Files Cleaned = 48.86 mb


OTL by OldTimer - Version 3.1.11.4 log created on 12052009_205720

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7a0.dat moved successfully.

Registry entries deleted on Reboot...



SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:08 on 05/12/2009 by user (Administrator - Elevation successful)

========== filefind ==========

Searching for "*proquota*"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe ------ 50176 bytes [13:40 27/08/2008] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8

-=End Of File=-


Keygens are no longer used as AVG wasn't great, Avira free version as recommended on this site used nowadays.

#9
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy:

C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe | c:\windows\system32\proquota.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe (If Combofix asks if you want to update, please click "Yes")

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



After that, please tell me how your computer is running.

Thunderbird1988

#10
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
ComboFix 09-12-05.01 - user 05/12/2009 22:05.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.235 [GMT 0:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-05 13:25 . 2009-12-05 13:25 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-12-05 05:13 . 2009-12-05 05:13 160912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-05 05:12 . 2009-12-05 05:12 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-05 05:11 . 2009-12-05 05:11 -------- d-----w- c:\program files\Reference Assemblies
2009-12-05 05:10 . 2009-12-05 05:11 -------- d-----w- C:\e7241e681a8d2d600575b3588f74ab5f
2009-12-05 04:52 . 2009-12-05 04:52 -------- d-----w- c:\windows\ServicePackFiles
2009-12-04 20:20 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 20:20 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-04 20:20 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-04 20:20 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\program files\Avira
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 13:20 . 2009-07-12 00:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-05 04:58 . 2007-10-23 23:42 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-04 14:07 . 2009-01-02 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 14:07 . 2009-01-10 02:30 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 16:14 . 2009-01-02 02:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-02 02:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 12:33 . 2009-08-14 14:52 -------- d-----w- c:\program files\McAfee
2009-11-03 04:17 . 2009-09-30 21:37 -------- d-----w- c:\program files\Opera
2009-10-25 19:46 . 2009-10-25 19:46 -------- d-----w- c:\program files\Sun
2009-10-25 19:44 . 2008-10-08 23:41 -------- d-----w- c:\program files\Java
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\user\Application Data\JCreator
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\JCreator
2009-10-25 19:00 . 2009-10-25 19:00 -------- d-----w- c:\program files\Xinox Software
2009-10-14 16:42 . 2009-02-23 02:07 -------- d-----w- c:\program files\mkv2vob
2009-10-11 21:27 . 2007-09-07 00:16 -------- d-----w- c:\documents and settings\user\Application Data\Azureus
.

((((((((((((((((((((((((((((( SnapShot_2009-12-05_15.31.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-05 22:42 . 2009-12-05 22:42 16384 c:\windows\Temp\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-10 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alarm Master.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Alarm Master.lnk
backup=c:\windows\pss\Alarm Master.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Azureusvuze\\Azureus.exe"=
"c:\\Program Files\\Azureus2\\Azureus.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [14/09/2007 18:27 15544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/12/2009 20:19 108289]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [14/08/2009 14:53 93320]
R3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [01/12/2007 07:16 98984]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 14:25 423576]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [08/12/2008 01:54 15104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [09/11/2003 10:34 45056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SBAPIFS
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 22:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdpcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Sunbelt Software\CounterSpy\SBCSSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-12-05 23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 23:03
ComboFix2.txt 2009-12-05 15:48
ComboFix3.txt 2009-12-05 03:17

Pre-Run: 15,152,246,784 bytes free
Post-Run: 15,117,508,608 bytes free

- - End Of File - - 420275B407D8F4D9C8C8C4ED284D4198


Combofix updated during this run with a new version so I'm going to run it again with the script.

#11
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
ComboFix 09-12-05.01 - user 06/12/2009 0:34.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.188 [GMT 0:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-05 13:25 . 2009-12-05 13:25 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-12-05 05:13 . 2009-12-05 05:13 160912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-05 05:12 . 2009-12-05 05:12 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-05 05:11 . 2009-12-05 05:11 -------- d-----w- c:\program files\Reference Assemblies
2009-12-05 05:10 . 2009-12-05 05:11 -------- d-----w- C:\e7241e681a8d2d600575b3588f74ab5f
2009-12-05 04:52 . 2009-12-05 04:52 -------- d-----w- c:\windows\ServicePackFiles
2009-12-04 20:20 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 20:20 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-04 20:20 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-04 20:20 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\program files\Avira
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 13:20 . 2009-07-12 00:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-05 04:58 . 2007-10-23 23:42 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-04 14:07 . 2009-01-02 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 14:07 . 2009-01-10 02:30 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 16:14 . 2009-01-02 02:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-02 02:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 12:33 . 2009-08-14 14:52 -------- d-----w- c:\program files\McAfee
2009-11-03 04:17 . 2009-09-30 21:37 -------- d-----w- c:\program files\Opera
2009-10-25 19:46 . 2009-10-25 19:46 -------- d-----w- c:\program files\Sun
2009-10-25 19:44 . 2008-10-08 23:41 -------- d-----w- c:\program files\Java
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\user\Application Data\JCreator
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\JCreator
2009-10-25 19:00 . 2009-10-25 19:00 -------- d-----w- c:\program files\Xinox Software
2009-10-14 16:42 . 2009-02-23 02:07 -------- d-----w- c:\program files\mkv2vob
2009-10-11 21:27 . 2007-09-07 00:16 -------- d-----w- c:\documents and settings\user\Application Data\Azureus
.

((((((((((((((((((((((((((((( SnapShot_2009-12-05_15.31.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-05 23:57 . 2009-12-05 23:57 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat
+ 2009-12-06 00:04 . 2009-12-06 00:04 245760 c:\windows\ERDNT\AutoBackup\06-12-2009\Users\00000002\UsrClass.dat
+ 2009-12-06 00:04 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\06-12-2009\ERDNT.EXE
+ 2009-12-06 00:04 . 2009-12-06 00:04 9506816 c:\windows\ERDNT\AutoBackup\06-12-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-10 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alarm Master.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Alarm Master.lnk
backup=c:\windows\pss\Alarm Master.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Azureusvuze\\Azureus.exe"=
"c:\\Program Files\\Azureus2\\Azureus.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [14/09/2007 18:27 15544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/12/2009 20:19 108289]
R3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 14:25 423576]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [08/12/2008 01:54 15104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SBAPIFS
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 01:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-06 01:28
ComboFix-quarantined-files.txt 2009-12-06 01:28
ComboFix2.txt 2009-12-06 00:17
ComboFix3.txt 2009-12-05 23:03
ComboFix4.txt 2009-12-05 15:48
ComboFix5.txt 2009-12-06 00:31

Pre-Run: 15,194,009,600 bytes free
Post-Run: 15,181,099,008 bytes free

- - End Of File - - 0941DF1128ABE24D8CDD9E80FAA3F7FA



Will update with Kaspersky log shortly
  • 0
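
An added example, not part of the original thread: a small Python parser that reads the "Other Deletions" section of two ComboFix logs and reports which findings cleared and which persisted between runs. The sample inputs are abridged excerpts of the logs in posts #10 and #11; the function names and status labels are this example's own.

```python
import re

# Abridged excerpt of the ComboFix log in post #10 (first scripted run).
RUN_1 = r"""ComboFix 09-12-05.01 - user 05/12/2009 22:05.7.1 - x86
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.
"""

# Abridged excerpt of the ComboFix log in post #11 (second scripted run).
RUN_2 = r"""ComboFix 09-12-05.01 - user 06/12/2009 0:34.9.1 - x86
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.
"""

# Section banners look like "((((( Title )))))".
BANNER = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")
SWITCHES = re.compile(r"^Command switches used :: (?P<path>.+)$")

# Line shapes seen in the "Other Deletions" section of the logs above.
PATTERNS = [
    ("disinfected", re.compile(
        r"^Infected copy of (?P<path>.+?) was found and disinfected$", re.I)),
    ("restore_source", re.compile(r"^Restored copy from - (?P<path>.+)$", re.I)),
    ("missing", re.compile(r"^(?P<path>.+?) \. \. \. is missing!!$", re.I)),
]


def split_sections(log_text):
    """Group log lines by banner title; lines before any banner go to 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # blank lines and "." separators
            continue
        banner = BANNER.match(line)
        if banner:
            current = banner.group("title")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def script_path(log_text):
    """Return the CFScript path the run was started with, or None."""
    for line in split_sections(log_text)["header"]:
        m = SWITCHES.match(line)
        if m:
            return m.group("path")
    return None


def other_deletions(log_text):
    """Map lower-cased path -> status for the 'Other Deletions' section."""
    findings = {}
    for line in split_sections(log_text).get("Other Deletions", []):
        for status, rx in PATTERNS:
            m = rx.match(line)
            if m:
                findings[m.group("path").lower()] = status
                break
        else:
            findings[line.lower()] = "other"   # unrecognised line, kept as-is
    return findings


def compare_runs(first, second):
    """Diff two runs: what repeated unchanged, what went away, what is new."""
    a, b = other_deletions(first), other_deletions(second)
    return {
        "persisting": sorted(p for p in a if p in b and a[p] == b[p]),
        "cleared": sorted(p for p in a if p not in b),
        "new": sorted(p for p in b if p not in a),
    }


if __name__ == "__main__":
    for name, run in (("run 1", RUN_1), ("run 2", RUN_2)):
        print(name, "script:", script_path(run), other_deletions(run))
    print(compare_runs(RUN_1, RUN_2))
```

Here the atapi.sys entries clear after the first run, while `proquota.exe` is reported missing in both, so the file had not been put back by either scripted run.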

#12
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
There wasn't an option to enable deep rootkit search but I did select rootkit search and set the heuristic scan pointer to deep so I think that's the same thing.

There were no critical events found. No virus warning came up.


Posted Image


So I had the setting like this except the pointer in heuristic analysis was set to deep

Edited by arclight, 06 December 2009 - 10:37 PM.


#13
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
Autoscan: completed 17 hours ago (events: 2, objects: 1086362, time: 11:24:35)
06/12/2009 15:34:02 Task started
07/12/2009 02:58:37 Task completed


This is the log I got under important events, the same log comes up after critical events. Under all events a summary of what happened came up but I got no prompts to ask me to neutralise anything during or after the scan was complete.


My computer is running the same way it was before I was told I had a virus, I didn't notice any symptoms.

#14
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello Arclight,

Please Run Combofix again by performing the steps below.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::

C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe | c:\windows\system32\proquota.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe (If Combofix asks if you want to update, please click "Yes")

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

It might be a good idea to ask your ISP if they can confirm there are no more activities from Torpig from your computer.

Thunderbird1988

#15
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
Hi

Combo-fix is asking me to put in my Windows XP installation disc to replace some files.

Should I do this? I just want to double check.