Computer Infected with an Alien...or so it seems!!


9 replies to this topic

#1 ksjd66


Posted 06 October 2011 - 12:40 AM

1. MBAM would not run; said Trial was EXPIRED!!
2. OTL (the first one mentioned) completely LOCKED up my computer. I had to shut it down using the power button.

3. The other OTL logs as follows:

OTL logfile created on: 10/5/2011 5:44:41 PM - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Kristyn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.93% Memory free
3.85 Gb Paging File | 3.22 Gb Available in Paging File | 83.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 11.27 Gb Free Space | 15.13% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 587.35 Gb Free Space | 63.05% Space Free | Partition Type: NTFS

Computer Name: BOOMTOWN-MAFIA | User Name: Kristyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/05 17:44:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristyn\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/04 15:15:28 | 003,674,904 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2011/07/13 01:34:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/05/17 14:45:32 | 001,615,176 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2010/01/28 14:02:40 | 001,867,464 | ---- | M] (Blockbuster) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/04 08:51:42 | 002,502,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010/06/17 15:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (GoToAssist)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/29 15:10:27 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/13 01:34:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/05/17 14:45:32 | 001,615,176 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2010/01/28 14:02:40 | 001,867,464 | ---- | M] (Blockbuster) [Auto | Running] -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe -- (Movielink Core Service)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/13 01:34:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/13 01:34:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2006/05/05 20:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 09:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/10/15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 76 3E B9 FE F3 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Kristyn\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Kristyn\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/08/04 23:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/18 03:30:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Kristyn\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Kristyn\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Kristyn\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Kristyn\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Kate Spade = C:\Documents and Settings\Kristyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhpfdkiglaphjhmhojbofcplejkjkoc\3_0\

O1 HOSTS File: ([2011/07/18 06:59:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\Kristyn\Start Menu\programs\Startup\News Alert.lnk = C:\Program Files\News Alert\liveonline_3883833.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1278014241125 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1278014234593 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AAD24EF-B8CE-442D-9AD9-7CAD08309A52}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kristyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/30 22:52:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/05 16:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/10/04 05:09:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kristyn\Recent
[2011/09/30 06:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristyn\Local Settings\Application Data\Spotify
[2011/09/30 06:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristyn\Application Data\Spotify
[2011/09/26 18:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristyn\My Documents\SeamlessPro
[2011/09/26 18:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristyn\Application Data\com.chromaom.SeamlessStudio
[2011/09/26 18:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Seamless Studio
[2011/09/25 14:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristyn\Desktop\emailsig_files
[2011/09/24 05:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/09/27 21:37:23 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\procexp.exe
[2010/07/02 11:00:27 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[2010/07/02 10:59:57 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Program Files\ijl15.dll
[2010/07/01 07:01:39 | 017,252,512 | ---- | C] (Microsoft Corporation) -- C:\Program Files\BOIE8_ENUS_XP.EXE
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/05 17:44:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristyn\Desktop\OTL.exe
[2011/10/05 17:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/05 17:38:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1409082233-839522115-1004UA.job
[2011/10/05 17:37:37 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\GBM - Easy Layout Backup Job-Full.job
[2011/10/05 17:33:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/05 17:33:34 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1409082233-839522115-1004.job
[2011/10/05 17:33:33 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/05 17:33:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/05 17:00:54 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristyn\Desktop\TFC.exe
[2011/10/05 16:47:21 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Kristyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/05 16:26:28 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\SCORPIO.bmp
[2011/10/05 16:13:31 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/10/05 16:10:07 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Kristyn\My Documents\vlc-1.1.11-win32.exe
[2011/10/05 14:30:35 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{51CE0117-9DB9-4100-9E08-A92F9708E878}.job
[2011/10/05 09:38:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1409082233-839522115-1004Core.job
[2011/10/05 03:31:54 | 000,581,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/05 03:31:54 | 000,128,934 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/05 02:31:00 | 000,012,716 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/10/05 02:31:00 | 000,005,752 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/10/04 23:59:30 | 000,032,115 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\haircut.jpg
[2011/10/04 16:01:40 | 000,088,976 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\$(KGrHqZ,!k4E1F3)1NyUBNWsF+KUtw~~0_3.jpg
[2011/10/04 05:10:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1409082233-839522115-1004.job
[2011/10/01 16:40:24 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\Google Chrome.lnk
[2011/10/01 16:40:24 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Kristyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/30 06:38:34 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\Spotify.lnk
[2011/09/30 06:38:31 | 006,836,896 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\spotify.exe
[2011/09/29 13:58:39 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/29 13:58:38 | 000,252,984 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/29 13:58:19 | 000,252,984 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/28 00:22:09 | 001,408,000 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\Publication1.pub
[2011/09/27 22:07:18 | 000,125,345 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\1.ssf
[2011/09/26 20:57:14 | 000,024,240 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\cstmbkgrnd2.ssf
[2011/09/26 18:25:49 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seamless Studio.lnk
[2011/09/25 14:35:13 | 000,006,277 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\emailsig.htm
[2011/09/25 12:52:30 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinMaximizer.lnk
[2011/09/25 12:01:17 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/24 05:44:14 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kristyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/16 15:11:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/09/13 03:01:07 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/12 13:46:46 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Kristyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/12 04:00:03 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\Kristyn\Desktop\Shortcut to Alabama - Ultimate Alabama 20 #1 Hits - 16 - You've Got The Touch.mp3.lnk
[2011/09/11 10:48:57 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Kristyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/09/09 07:34:53 | 000,270,611 | ---- | M] () -- C:\WINDOWS\System32\hpprnt
[2011/09/09 03:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/07 08:46:16 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/05 16:26:28 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Kristyn\Desktop\SCORPIO.bmp
[2011/10/05 16:13:31 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/10/05 16:09:42 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\Kristyn\My Documents\vlc-1.1.11-win32.exe
[2011/10/04 23:59:51 | 000,032,115 | ---- | C] () -- C:\Documents and Settings\Kristyn\Desktop\haircut.jpg
[2011/10/04 17:55:20 | 000,088,976 | ---- | C] () -- C:\Documents and Settings\Kristyn\Desktop\$(KGrHqZ,!k4E1F3)1NyUBNWsF+KUtw~~0_3.jpg
[2011/09/30 06:38:34 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\Kristyn\Start Menu\programs\Spotify.lnk
[2011/09/30 06:38:34 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Kristyn\Desktop\Spotify.lnk
[2011/09/30 06:38:14 | 006,836,896 | ---- | C] () -- C:\Documents and Settings\Kristyn\Desktop\spotify.exe
[2011/09/27 22:03:44 | 000,125,345 | ---- | C] () -- C:\Documents and Settings\Kristyn\Desktop\1.ssf
[2011/09/26 20:57:14 | 000,024,240 | ---- | C] () -- C:\Documents and Settings\Kristyn\Desktop\cstmbkgrnd2.ssf
[2011/09/26 18:25:49 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Seamless Studio.lnk
[2011/09/26 18:25:49 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seamless Studio.lnk
[2011/09/25 14:35:12 | 000,006,277 | ---- | C] () -- C:\Documents and Settings\Kristyn\Desktop\emailsig.htm
[2011/09/12 04:00:03 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\Kristyn\Desktop\Shortcut to Alabama - Ultimate Alabama 20 #1 Hits - 16 - You've Got The Touch.mp3.lnk
[2011/09/09 07:34:35 | 000,270,611 | ---- | C] () -- C:\WINDOWS\System32\hpprnt
[2011/04/27 12:51:27 | 000,061,440 | ---- | C] () -- C:\WINDOWS\uninstall.exe
[2011/03/16 05:30:11 | 000,252,984 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/16 05:30:07 | 000,252,984 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/16 05:30:07 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/16 05:29:46 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/03/08 05:59:43 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Kristyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 13:55:12 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/04 08:45:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/04 08:45:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/04 08:45:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/04 08:45:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/04 08:45:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/14 03:22:25 | 000,306,688 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2011/02/14 03:22:25 | 000,095,232 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2011/02/05 12:38:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Kristyn\Local Settings\Application Data\housecall.guid.cache
[2010/12/23 16:57:41 | 019,985,265 | ---- | C] () -- C:\Program Files\vlc-1.1.5-win32.exe
[2010/12/21 07:22:39 | 000,032,608 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2010/12/20 09:34:58 | 000,072,348 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/27 21:37:23 | 000,072,268 | ---- | C] () -- C:\Program Files\procexp.chm
[2010/08/12 01:57:51 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Kristyn\Application Data\mcs.rma
[2010/08/12 01:57:51 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Kristyn\Application Data\3051A7
[2010/07/02 11:00:00 | 000,004,886 | ---- | C] () -- C:\Program Files\install.ini
[2010/07/02 10:31:19 | 1339,050,285 | ---- | C] () -- C:\Program Files\data2.pck
[2010/07/01 23:50:32 | 2097,182,634 | ---- | C] () -- C:\Program Files\data1.pck
[2010/07/01 23:50:25 | 001,520,208 | ---- | C] () -- C:\Program Files\check.md
[2010/07/01 19:11:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/01 14:08:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/07/01 00:04:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/30 22:53:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/30 22:49:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/30 16:43:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/30 16:42:33 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/22 16:30:04 | 131,898,830 | ---- | C] () -- C:\Program Files\Data.cab
[2008/08/22 16:30:04 | 000,064,000 | ---- | C] () -- C:\Program Files\1031.mst
[2008/08/22 16:30:04 | 000,058,880 | ---- | C] () -- C:\Program Files\1034.mst
[2008/08/22 16:30:02 | 000,131,584 | ---- | C] () -- C:\Program Files\1042.mst
[2008/08/22 16:30:02 | 000,124,928 | ---- | C] () -- C:\Program Files\1041.mst
[2008/08/22 16:30:02 | 000,097,280 | ---- | C] () -- C:\Program Files\2052.mst
[2008/08/22 16:30:02 | 000,062,464 | ---- | C] () -- C:\Program Files\1036.mst
[2008/08/22 16:30:02 | 000,059,904 | ---- | C] () -- C:\Program Files\1040.mst
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/18 22:26:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/04/18 22:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/10/15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2003/03/31 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 06:00:00 | 000,581,500 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 06:00:00 | 000,128,934 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1998/12/04 11:39:42 | 000,006,125 | R--- | C] () -- C:\Program Files\complogo.htm
[1998/10/12 12:21:58 | 000,057,562 | R--- | C] () -- C:\Program Files\cl10mpad.GIF
[1998/10/12 12:20:24 | 000,029,124 | R--- | C] () -- C:\Program Files\cl09done.GIF
[1998/10/12 11:31:30 | 000,004,278 | R--- | C] () -- C:\Program Files\cl08cups.GIF
[1998/10/12 11:28:38 | 000,014,902 | R--- | C] () -- C:\Program Files\cl07efct.GIF
[1998/10/12 11:19:58 | 000,012,717 | R--- | C] () -- C:\Program Files\cl06colz.GIF
[1998/10/09 17:24:04 | 000,009,616 | R--- | C] () -- C:\Program Files\cl05yell.GIF
[1998/10/09 17:19:52 | 000,022,189 | R--- | C] () -- C:\Program Files\cl03blue.GIF
[1998/10/09 17:18:06 | 000,017,727 | R--- | C] () -- C:\Program Files\cl04text.GIF
[1998/10/09 16:58:54 | 000,017,911 | R--- | C] () -- C:\Program Files\cl02bean.GIF
[1998/10/09 16:55:46 | 000,054,277 | R--- | C] () -- C:\Program Files\cl01exam.GIF

========== LOP Check ==========

[2010/07/20 17:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2010/07/14 10:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\billeo
[2011/07/02 17:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/06/30 23:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/07/07 13:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2011/04/25 21:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gKl16639lDmHh16639
[2010/07/20 17:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
[2010/09/23 13:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2010/07/31 10:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Movielink
[2011/06/24 09:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/08/29 15:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/08/29 15:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2010/07/14 13:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra
[2010/09/26 00:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/14 15:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/12 16:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer
[2011/03/27 09:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/03 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/24 12:15:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}
[2010/07/20 17:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\AGI
[2011/08/08 23:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\Amazon
[2011/09/29 07:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\Azureus
[2010/10/15 12:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\BabylonToolbar
[2010/07/21 01:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\BitZipper
[2011/09/26 18:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\com.chromaom.SeamlessStudio
[2011/06/24 01:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\ElevatedDiagnostics
[2010/08/01 14:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\Genie-Soft
[2011/05/18 22:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\GetRightToGo
[2011/06/24 09:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\PCDr
[2011/01/21 05:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\PhotoScape
[2010/08/16 14:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\Raptr
[2011/07/24 12:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\searchquband
[2011/08/29 01:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\SecondLife
[2011/09/30 06:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\Spotify
[2010/08/14 15:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\Trusteer
[2011/09/29 07:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\TS3Client
[2011/03/29 15:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\Windows Desktop Search
[2011/05/21 23:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\Windows Search
[2011/01/21 05:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristyn\Application Data\yoclient
[2011/10/05 17:37:37 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\GBM - Easy Layout Backup Job-Full.job
[2011/09/13 03:01:07 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/05 14:30:35 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{51CE0117-9DB9-4100-9E08-A92F9708E878}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Kristyn\Desktop\Launcher.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Kristyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation

< End of report >

As far as the EXTRAS log, I have no idea where this would be, as it did not save to my desktop as the posted instructions stated it would. So the only other log which I have per the same instructions is the "Check-up log". Those results are as follows:

Results of screen317's Security Check version 0.99.20
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Sygate Personal Firewall
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````




Okay, so a summary in my own words as to what has been going on with my system. Well, for starters, my Hotmail account was apparently hacked. I believe this due to some obscure email which was sent out to all of my email contacts using my email account to do so. I know that my account was used because I received several postmaster "unable to deliver" notifications in my inbox (actually this occurred twice, several hours apart).

And another issue which has been going on for some time now is that when I am on the Internet I constantly receive that error page stating "Internet Explorer cannot display the page you have requested.", with the "Diagnose Network Connection Problems" (or something to that effect). This has become more than just bothersome; it has actually cost me several hundred dollars, since this occurred when I was recently booking an airline ticket to Holland, and when attempting to process the payment for said ticket I received this error, only to find out payment had processed after all despite the message the British Airways website displayed. (Because I have found that if I refresh, this error screen will more times than not go away and take me to the page I was attempting to view), so when I refreshed during the payment process, of course the BA website is programmed to err. However, it didn't, and I ended up making this reservation twice due to this cluster**** of an issue my computer seems to have going to all different types of pages, not just when it involves encryption.

Another indication of infection would be that my desktop wallpaper seems to change at random times with no provocation from me. Well, that and I'm not understanding the whole file structure of my computer and why there seem to be several computers listed under my C: drive, much with the same types of folders contained in each, if that makes sense. So I trust you guys and know you know what you are doing, and would appreciate any help you can give with this apparent Beast that has taken over my system.

#2 ksjd66

ksjd66

    Active Member

  • Active Members
  • 13 posts

Posted 06 October 2011 - 01:42 AM

Here is The Combofix Log also. Thought this might help as well.





ComboFix 11-10-05.02 - Kristyn 10/05/2011 19:04:51.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1334 [GMT -6:00]
Running from: c:\documents and settings\Kristyn\Desktop\ComboFix2.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sygate Personal Firewall *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Documents
c:\program files\messenger\msmsgsin.exe
C:\Thumbs.db
c:\windows\system32\comct332.ocx
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))
.
.
2011-10-06 00:59 . 2011-10-06 01:00 -------- d-----w- C:\ComboFix2
2011-10-05 23:34 . 2011-10-05 23:34 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-10-05 23:34 . 2011-10-05 23:34 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-09-30 12:38 . 2011-09-30 12:55 -------- d-----w- c:\documents and settings\Kristyn\Local Settings\Application Data\Spotify
2011-09-30 12:38 . 2011-09-30 12:48 -------- d-----w- c:\documents and settings\Kristyn\Application Data\Spotify
2011-09-27 00:25 . 2011-09-27 00:25 -------- d-----w- c:\documents and settings\Kristyn\Application Data\com.chromaom.SeamlessStudio
2011-09-27 00:25 . 2011-09-27 00:25 -------- d-----w- c:\program files\Seamless Studio
2011-09-24 11:31 . 2011-09-24 11:32 -------- d-----w- c:\program files\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-25 18:01 . 2011-07-08 08:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2003-03-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 23:00 . 2011-03-04 08:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 21:29 . 2011-08-12 21:29 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-08-05 05:06 . 2009-08-18 17:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-05 05:06 . 2009-08-18 17:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-15 13:29 . 2003-03-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 07:34 . 2011-07-12 06:26 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-13 07:34 . 2011-07-12 06:26 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-12 03:21 . 2011-07-30 19:03 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-08 14:02 . 2003-03-31 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2010-12-23 23:05 . 2010-12-23 22:57 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2010-07-02 17:00 . 2010-07-02 17:00 258352 ----a-w- c:\program files\unicows.dll
2010-07-02 17:00 . 2010-07-02 16:59 372736 ----a-w- c:\program files\ijl15.dll
2010-07-01 13:01 . 2010-07-01 13:01 17252512 ----a-w- c:\program files\BOIE8_ENUS_XP.EXE
2010-06-07 22:16 . 2010-09-28 03:37 3887480 ----a-w- c:\program files\procexp.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-07-18_12.59.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 08:19 . 2007-11-07 08:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2011-10-05 23:33 . 2011-10-05 23:33 16384 c:\windows\Temp\Perflib_Perfdata_784.dat
+ 2011-10-05 23:33 . 2011-10-05 23:33 16384 c:\windows\Temp\Perflib_Perfdata_184.dat
+ 2011-08-12 21:36 . 2010-06-02 10:55 74072 c:\windows\system32\XAPOFX1_5.dll
+ 2011-08-12 21:35 . 2010-02-04 16:01 74072 c:\windows\system32\XAPOFX1_4.dll
+ 2010-08-15 22:01 . 2009-09-04 23:44 69464 c:\windows\system32\XAPOFX1_3.dll
- 2010-08-15 22:01 . 2008-10-15 13:03 70992 c:\windows\system32\XAPOFX1_2.dll
+ 2010-08-15 22:01 . 2008-10-27 16:04 70992 c:\windows\system32\XAPOFX1_2.dll
+ 2010-08-15 22:01 . 2008-07-31 16:41 68616 c:\windows\system32\XAPOFX1_1.dll
- 2010-08-15 22:01 . 2008-07-30 12:20 68616 c:\windows\system32\XAPOFX1_1.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 45400 c:\windows\system32\X3DAudioD1_7.dll
+ 2011-08-12 21:35 . 2010-02-04 16:01 22360 c:\windows\system32\X3DAudio1_7.dll
+ 2010-08-15 22:01 . 2008-10-27 16:04 23376 c:\windows\system32\X3DAudio1_5.dll
- 2010-08-15 22:01 . 2008-10-15 13:03 23376 c:\windows\system32\X3DAudio1_5.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 51024 c:\windows\system32\vcomp100.dll
+ 2010-07-01 20:23 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2010-07-01 20:23 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2010-07-01 19:59 . 2009-01-08 00:21 26144 c:\windows\system32\spupdsvc.exe
- 2010-07-01 19:59 . 2009-05-12 21:12 26144 c:\windows\system32\spupdsvc.exe
+ 2010-09-16 09:08 . 2009-01-08 00:20 16928 c:\windows\system32\spmsg.dll
- 2010-09-16 09:08 . 2009-05-12 21:12 16928 c:\windows\system32\spmsg.dll
- 2003-03-31 12:00 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
+ 2003-03-31 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
+ 2007-08-14 00:54 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 00:54 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 80720 c:\windows\system32\mfcm100u.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 80208 c:\windows\system32\mfcm100.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 60752 c:\windows\system32\mfc100rus.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 43344 c:\windows\system32\mfc100kor.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 43856 c:\windows\system32\mfc100jpn.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 62288 c:\windows\system32\mfc100ita.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 64336 c:\windows\system32\mfc100fra.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 63824 c:\windows\system32\mfc100esn.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 55120 c:\windows\system32\mfc100enu.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 64336 c:\windows\system32\mfc100deu.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 36176 c:\windows\system32\mfc100cht.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 36176 c:\windows\system32\mfc100chs.dll
+ 2003-03-31 12:00 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll
- 2003-03-31 12:00 . 2011-04-25 16:11 43520 c:\windows\system32\licmgr10.dll
- 2003-03-31 12:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
+ 2003-03-31 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
+ 2011-07-30 19:03 . 2011-07-12 03:21 54776 c:\windows\system32\DRVSTORE\mozy_B68A2C1AC1A0BBC5FE7D94CD5F67C3401062233A\mozy.sys
+ 2011-07-20 05:36 . 2009-12-30 17:20 27064 c:\windows\system32\drivers\revoflt.sys
- 2010-07-01 20:52 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-07-01 20:52 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-08-11 04:57 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2007-08-14 00:54 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-14 00:54 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-07-01 20:22 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-07-01 20:22 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-14 00:44 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-14 00:44 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-14 00:54 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 00:54 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2011-07-17 05:21 . 2011-07-17 05:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-17 05:21 . 2011-08-10 11:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-01 04:53 . 2011-08-10 11:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-07-01 04:53 . 2011-07-17 05:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-07-17 05:21 . 2011-07-17 05:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-07-17 05:21 . 2011-08-10 11:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-30 08:40 . 2011-08-30 08:40 28160 c:\windows\Installer\704f44d.msi
+ 2011-08-30 08:03 . 2011-08-30 08:03 21504 c:\windows\Installer\6e337bf.msi
+ 2011-09-27 00:25 . 2011-09-27 00:25 43008 c:\windows\Installer\67b5498.msi
- 2010-08-07 01:23 . 2011-07-14 09:36 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-08-07 01:23 . 2011-09-15 09:42 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-08-07 01:23 . 2011-09-15 09:42 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-08-07 01:23 . 2011-09-15 09:42 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-08-30 08:06 . 2011-08-30 08:06 25214 c:\windows\Installer\{4010ADCB-1347-D570-FCF1-3002CABEBD2F}\StoneyIcon.exe
+ 2011-08-29 21:03 . 2011-08-29 21:03 25214 c:\windows\Installer\{3212AA30-4503-4D30-ADF3-F0DA00C3FDCC}\StoneyIcon.exe
+ 2010-09-23 10:47 . 2010-09-23 10:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 09:03 . 2010-09-23 09:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-21 05:07 . 2010-09-21 05:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
+ 2010-09-23 08:52 . 2010-09-23 08:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-23 00:12 . 2010-09-23 00:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
+ 2011-08-11 09:04 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-09-24 11:34 . 2010-04-16 11:43 41984 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-08-11 09:33 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570222\update\spcustom.dll
+ 2011-08-11 09:33 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570222\spmsg.dll
+ 2011-08-11 09:37 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567680\update\spcustom.dll
+ 2011-08-11 09:37 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567680\spmsg.dll
+ 2011-08-11 09:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2566454\update\spcustom.dll
+ 2011-08-11 09:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2566454\spmsg.dll
+ 2011-08-11 04:57 . 2011-07-08 13:51 10496 c:\windows\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys
+ 2011-08-11 09:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2562937\update\spcustom.dll
+ 2011-08-11 09:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2562937\spmsg.dll
+ 2011-08-11 09:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2559049-IE8\update\spcustom.dll
+ 2011-08-11 09:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2559049-IE8\spmsg.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 12800 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\xpshims.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 66560 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtmled.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 55296 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeedsbs.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 43520 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\licmgr10.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 25600 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\jsproxy.dll
+ 2011-08-11 09:34 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2536276-v2\update\spcustom.dll
+ 2011-08-11 09:34 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2536276-v2\spmsg.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-07-01 20:52 . 2010-10-18 11:10 7680 c:\windows\system32\dllcache\iecompat.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-07-18 09:28 . 2011-07-18 09:28 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-07-01 20:24 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2010-07-01 20:24 . 2009-01-08 00:21 121856 c:\windows\system32\xmllite.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 954200 c:\windows\system32\XAudioD2_7.dll
+ 2011-08-12 21:36 . 2010-06-02 10:55 527192 c:\windows\system32\XAudio2_7.dll
+ 2011-08-12 21:35 . 2010-02-04 16:01 528216 c:\windows\system32\XAudio2_6.dll
+ 2011-08-12 21:35 . 2009-09-04 23:44 515416 c:\windows\system32\XAudio2_5.dll
- 2010-08-15 22:01 . 2008-10-15 13:03 514384 c:\windows\system32\XAudio2_3.dll
+ 2010-08-15 22:01 . 2008-10-27 16:04 514384 c:\windows\system32\XAudio2_3.dll
- 2010-08-15 22:01 . 2008-07-30 12:20 509448 c:\windows\system32\XAudio2_2.dll
+ 2010-08-15 22:01 . 2008-07-31 16:40 509448 c:\windows\system32\XAudio2_2.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 131928 c:\windows\system32\XAPOFXD1_5.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 349528 c:\windows\system32\XactEngineD3_7.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 435032 c:\windows\system32\XactEngineA3_7.dll
+ 2011-08-12 21:35 . 2010-06-02 10:55 239960 c:\windows\system32\xactengine3_7.dll
+ 2011-08-12 21:35 . 2010-02-04 16:01 238936 c:\windows\system32\xactengine3_6.dll
+ 2011-08-12 21:35 . 2009-09-04 23:44 238936 c:\windows\system32\xactengine3_5.dll
- 2010-08-15 22:01 . 2008-10-15 13:03 235856 c:\windows\system32\xactengine3_3.dll
+ 2010-08-15 22:01 . 2008-10-27 16:04 235856 c:\windows\system32\xactengine3_3.dll
- 2010-08-15 22:01 . 2008-07-30 12:20 238088 c:\windows\system32\xactengine3_2.dll
+ 2010-08-15 22:01 . 2008-07-31 16:41 238088 c:\windows\system32\xactengine3_2.dll
+ 2003-03-31 12:00 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
- 2003-03-31 12:00 . 2011-04-26 11:07 293376 c:\windows\system32\winsrv.dll
- 2003-03-31 12:00 . 2011-04-25 16:11 916480 c:\windows\system32\wininet.dll
+ 2003-03-31 12:00 . 2011-06-23 18:36 916480 c:\windows\system32\wininet.dll
+ 2003-03-31 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
- 2003-03-31 12:00 . 2009-03-08 10:34 105984 c:\windows\system32\url.dll
+ 2011-08-10 01:48 . 2001-08-18 04:34 132608 c:\windows\system32\spool\drivers\w32x86\3\HPDJRES.DLL
+ 2003-03-31 12:00 . 2011-10-05 09:31 581500 c:\windows\system32\perfh009.dat
+ 2003-03-31 12:00 . 2011-10-05 09:31 128934 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
+ 2003-03-31 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
+ 2011-03-16 11:30 . 2011-09-29 19:58 252984 c:\windows\system32\nvdrsdb1.bin
+ 2011-03-16 11:30 . 2011-09-29 19:58 252984 c:\windows\system32\nvdrsdb0.bin
+ 2010-03-18 15:15 . 2010-03-18 15:15 770384 c:\windows\system32\msvcr100.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 421200 c:\windows\system32\msvcp100.dll
- 2003-03-31 12:00 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
+ 2003-03-31 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
+ 2007-08-14 00:54 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
- 2007-08-14 00:54 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
+ 2011-09-25 18:01 . 2011-09-25 18:01 243360 c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe
+ 2011-09-25 18:01 . 2011-09-25 18:01 328864 c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.dll
+ 2003-03-31 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
- 2003-03-31 12:00 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
+ 2003-03-31 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
- 2003-03-31 12:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
- 2003-03-31 12:00 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
+ 2003-03-31 12:00 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
+ 2011-08-10 11:25 . 2007-11-07 02:10 271704 c:\windows\system32\hpzids01.dll
- 2011-07-14 03:19 . 2010-02-01 06:54 729088 c:\windows\system32\hpwwiax4.dll
+ 2011-08-10 11:23 . 2007-10-31 10:35 729088 c:\windows\system32\hpwwiax4.dll
- 2011-07-14 03:19 . 2010-02-01 06:54 593920 c:\windows\system32\hpwtscl3.dll
+ 2011-08-10 11:23 . 2007-10-31 10:35 593920 c:\windows\system32\hpwtscl3.dll
+ 2011-08-10 11:23 . 2007-01-17 16:37 364544 c:\windows\system32\hppldcoi.dll
- 2011-07-14 03:19 . 2010-02-01 06:54 364544 c:\windows\system32\hppldcoi.dll
- 2011-07-14 03:19 . 2010-02-01 06:54 294912 c:\windows\system32\hpovst11.dll
+ 2011-08-10 11:23 . 2007-01-17 16:31 294912 c:\windows\system32\hpovst11.dll
+ 2010-06-30 22:42 . 2011-09-07 14:46 267800 c:\windows\system32\FNTCACHE.DAT
+ 2011-08-10 11:25 . 2007-10-31 10:35 729088 c:\windows\system32\DRVSTORE\hpwscu01_E8C9618B27053045D976844ED6A3CC487EFD1D33\drivers\scanner\x32\hpwwiax4.dll
- 2011-07-17 05:07 . 2007-10-31 10:35 729088 c:\windows\system32\DRVSTORE\hpwscu01_E8C9618B27053045D976844ED6A3CC487EFD1D33\drivers\scanner\x32\hpwwiax4.dll
+ 2011-08-10 11:25 . 2007-10-31 10:35 593920 c:\windows\system32\DRVSTORE\hpwscu01_E8C9618B27053045D976844ED6A3CC487EFD1D33\drivers\scanner\x32\hpwtscl3.dll
- 2011-07-17 05:07 . 2007-10-31 10:35 593920 c:\windows\system32\DRVSTORE\hpwscu01_E8C9618B27053045D976844ED6A3CC487EFD1D33\drivers\scanner\x32\hpwtscl3.dll
- 2011-07-17 05:07 . 2007-01-17 16:31 294912 c:\windows\system32\DRVSTORE\hpwscu01_E8C9618B27053045D976844ED6A3CC487EFD1D33\drivers\scanner\x32\hpovst11.dll
+ 2011-08-10 11:25 . 2007-01-17 16:31 294912 c:\windows\system32\DRVSTORE\hpwscu01_E8C9618B27053045D976844ED6A3CC487EFD1D33\drivers\scanner\x32\hpovst11.dll
+ 2011-08-10 11:25 . 2007-01-17 16:37 364544 c:\windows\system32\DRVSTORE\hpwscu01_E8C9618B27053045D976844ED6A3CC487EFD1D33\drivers\dot4\Win2000\hppldcoi.dll
- 2011-07-17 05:07 . 2007-01-17 16:37 364544 c:\windows\system32\DRVSTORE\hpwscu01_E8C9618B27053045D976844ED6A3CC487EFD1D33\drivers\dot4\Win2000\hppldcoi.dll
- 2011-07-17 05:07 . 2007-01-17 16:37 309760 c:\windows\system32\DRVSTORE\hpwscu01_E8C9618B27053045D976844ED6A3CC487EFD1D33\drivers\dot4\Win2000\difxapi.dll
+ 2011-08-10 11:25 . 2007-01-17 16:37 309760 c:\windows\system32\DRVSTORE\hpwscu01_E8C9618B27053045D976844ED6A3CC487EFD1D33\drivers\dot4\Win2000\difxapi.dll
+ 2011-08-10 11:25 . 2007-11-07 02:10 271704 c:\windows\system32\DRVSTORE\hpoj468a_8687B82FE809FABFFC89AD4B7194AC57A77BF280\hpzids01.dll
- 2011-07-17 05:07 . 2007-11-07 02:10 271704 c:\windows\system32\DRVSTORE\hpoj468a_8687B82FE809FABFFC89AD4B7194AC57A77BF280\hpzids01.dll
+ 2011-08-10 11:24 . 2007-11-07 02:10 271704 c:\windows\system32\DRVSTORE\hpoj466a_D3DCCE7B71F09CED8C46B70CB07559756225F936\hpzids01.dll
- 2011-07-17 05:07 . 2007-11-07 02:10 271704 c:\windows\system32\DRVSTORE\hpoj466a_D3DCCE7B71F09CED8C46B70CB07559756225F936\hpzids01.dll
+ 2010-07-01 04:48 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
- 2010-07-01 04:48 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
- 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2007-08-14 00:54 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
- 2007-08-14 00:54 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
- 2007-08-14 00:44 . 2009-03-08 10:34 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-14 00:44 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
+ 2011-08-11 04:58 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2007-08-14 00:44 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-14 00:44 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-14 00:54 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 00:54 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-07-01 20:22 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-07-01 20:22 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-07-01 20:25 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-07-01 20:25 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-07-01 20:52 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-07-01 20:52 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-08-14 00:54 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-14 00:54 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-07-01 20:52 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-07-01 20:52 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-08-14 00:39 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 00:39 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 00:39 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-14 00:39 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 358744 c:\windows\system32\dinput8d.dll
- 2011-07-14 03:19 . 2010-02-01 06:54 309760 c:\windows\system32\difxapi.dll
+ 2011-08-10 11:23 . 2007-01-17 16:37 309760 c:\windows\system32\difxapi.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 268120 c:\windows\system32\D3DX11d_43.dll
+ 2011-08-12 21:35 . 2010-05-26 17:41 248672 c:\windows\system32\d3dx11_43.dll
+ 2011-08-12 21:35 . 2009-09-04 23:29 235344 c:\windows\system32\d3dx11_42.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 514392 c:\windows\system32\D3DX10d_43.dll
+ 2011-08-12 21:35 . 2010-05-26 17:41 470880 c:\windows\system32\d3dx10_43.dll
+ 2011-08-12 21:35 . 2009-09-04 23:29 453456 c:\windows\system32\d3dx10_42.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 348504 c:\windows\system32\d3dref9.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 496472 c:\windows\system32\D3D11SDKLayers.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 525144 c:\windows\system32\D3D11Ref.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 442712 c:\windows\system32\D3D10SDKLayers.DLL
+ 2011-08-12 21:43 . 2010-06-02 12:23 367960 c:\windows\system32\D3D10Ref.DLL
+ 2010-03-18 15:15 . 2010-03-18 15:15 138056 c:\windows\system32\atl100.dll
+ 2011-07-24 18:15 . 2011-07-24 18:15 262656 c:\windows\Installer\b33503f.msi
+ 2011-08-29 21:03 . 2011-08-29 21:03 928256 c:\windows\Installer\4864fe9.msi
+ 2011-08-12 21:44 . 2011-08-12 21:44 151552 c:\windows\Installer\42d6072.msi
+ 2010-08-07 01:23 . 2011-09-15 09:42 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-08-07 01:23 . 2011-09-15 09:42 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-08-07 01:23 . 2011-09-15 09:42 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-08-07 01:23 . 2011-09-15 09:42 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-08-07 01:23 . 2011-09-15 09:42 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-08-07 01:23 . 2011-09-15 09:42 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-08-07 01:23 . 2011-09-15 09:42 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-08-04 21:15 . 2011-08-04 21:15 200704 c:\windows\Installer\$PatchCache$\Managed\743020BED453FA1A2F56485B24C769AB\2.8.4\ssleay32.dll
+ 2010-09-21 05:07 . 2010-09-21 05:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
+ 2010-09-23 00:10 . 2010-09-23 00:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
+ 2010-09-11 00:17 . 2010-09-11 00:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-23 02:41 . 2010-09-23 02:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-21 05:07 . 2010-09-21 05:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
+ 2010-09-23 10:47 . 2010-09-23 10:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-23 00:04 . 2010-09-23 00:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-23 01:39 . 2010-09-23 01:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-21 05:07 . 2010-09-21 05:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
+ 2010-09-23 00:50 . 2010-09-23 00:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
+ 2011-01-14 13:10 . 2011-01-14 13:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 13:10 . 2011-01-14 13:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2011-08-11 09:04 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-08-11 09:04 . 2009-03-08 10:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-08-11 09:05 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-08-11 09:05 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-08-11 09:04 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-08-11 09:04 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2011-09-24 11:34 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
+ 2011-09-24 11:34 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
- 2010-07-01 20:25 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-07-01 20:25 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
- 2011-07-18 09:27 . 2011-07-18 09:27 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-08-12 21:34 . 2011-08-12 21:34 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-08-11 09:33 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2570222\update\updspapi.dll
+ 2011-08-11 09:33 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2570222\update\update.exe
+ 2011-08-11 09:33 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2570222\spuninst.exe
+ 2011-08-11 04:58 . 2011-06-24 14:09 139656 c:\windows\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys
+ 2011-08-11 09:37 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2567680\update\updspapi.dll
+ 2011-08-11 09:37 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2567680\update\update.exe
+ 2011-08-11 09:37 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2567680\spuninst.exe
+ 2011-06-20 17:43 . 2011-06-20 17:43 293376 c:\windows\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
+ 2011-08-11 09:04 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2566454\update\updspapi.dll
+ 2011-08-11 09:04 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2566454\update\update.exe
+ 2011-08-11 09:04 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2566454\spuninst.exe
+ 2011-08-11 09:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2562937\update\updspapi.dll
+ 2011-08-11 09:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2562937\update\update.exe
+ 2011-08-11 09:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2562937\spuninst.exe
+ 2011-08-11 09:05 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2559049-IE8\update\updspapi.dll
+ 2011-08-11 09:05 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2559049-IE8\update\update.exe
+ 2011-08-11 09:05 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2559049-IE8\spuninst.exe
+ 2011-08-11 04:58 . 2011-06-23 18:33 919552 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 105984 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\url.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 206848 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\occache.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 611840 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mstime.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 602112 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeeds.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 247808 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieproxy.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 184320 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iepeers.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 743424 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedvtool.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 387584 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedkcs32.dll
+ 2011-08-11 04:58 . 2011-06-23 12:19 173568 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ie4uinit.exe
+ 2011-08-11 09:34 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2536276-v2\update\updspapi.dll
+ 2011-08-11 09:34 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2536276-v2\update\update.exe
+ 2011-08-11 09:34 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2536276-v2\spuninst.exe
+ 2011-08-11 04:58 . 2011-07-15 13:29 457856 c:\windows\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
+ 2003-03-31 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2010-07-21 07:29 . 2011-07-21 19:45 1676868 c:\windows\system32\Restore\rstrlog.dat
+ 2003-03-31 12:00 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 4368720 c:\windows\system32\mfc100u.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 4342088 c:\windows\system32\mfc100.dll
- 2007-08-14 00:34 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
+ 2007-08-14 00:34 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
+ 2007-08-14 00:54 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-08-14 00:54 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
+ 2010-07-01 20:22 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2010-07-01 20:22 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 2261336 c:\windows\system32\D3dx9d_43.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 3795800 c:\windows\system32\d3dx9d_33.dll
+ 2011-08-12 21:35 . 2010-05-26 17:41 1998168 c:\windows\system32\D3DX9_43.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 1883992 c:\windows\system32\D3DCSXd_43.dll
+ 2011-08-12 21:35 . 2010-05-26 17:41 1868128 c:\windows\system32\d3dcsx_43.dll
+ 2011-08-12 21:35 . 2009-09-04 23:29 5501792 c:\windows\system32\d3dcsx_42.dll
+ 2011-08-12 21:35 . 2010-05-26 17:41 2106216 c:\windows\system32\D3DCompiler_43.dll
+ 2011-08-12 21:43 . 2010-06-02 12:23 3083608 c:\windows\system32\d3d9d.dll
+ 2011-08-05 05:00 . 2011-08-05 05:00 2317312 c:\windows\Installer\f3b2962.msi
+ 2010-09-15 04:35 . 2010-09-15 04:35 3060736 c:\windows\Installer\6e337d9.msp
+ 2011-05-02 06:06 . 2011-05-02 06:06 2705920 c:\windows\Installer\4bc17bf.msp
+ 2011-07-27 13:42 . 2011-07-27 13:42 4985856 c:\windows\Installer\4bc17b8.msp
+ 2011-08-08 17:01 . 2011-08-08 17:01 2178048 c:\windows\Installer\4b93bbb.msi
+ 2011-08-29 21:09 . 2011-08-29 21:09 1124864 c:\windows\Installer\4864fef.msi
+ 2011-08-10 23:43 . 2011-08-10 23:43 3795968 c:\windows\Installer\4654966.msp
+ 2011-09-07 03:46 . 2011-09-07 03:46 9006080 c:\windows\Installer\465494f.msp
+ 2011-06-21 17:59 . 2011-06-21 17:59 1764352 c:\windows\Installer\4654938.msp
+ 2011-08-24 12:37 . 2011-08-24 12:37 4985856 c:\windows\Installer\4654920.msp
+ 2011-08-10 23:42 . 2011-08-10 23:42 7070208 c:\windows\Installer\4654909.msp
+ 2011-07-21 18:34 . 2011-07-21 18:34 3456000 c:\windows\Installer\46548f3.msp
+ 2011-09-07 03:48 . 2011-09-07 03:48 8181248 c:\windows\Installer\46548e0.msp
+ 2011-07-27 13:39 . 2011-07-27 13:39 9892352 c:\windows\Installer\46548ab.msp
+ 2010-08-07 01:23 . 2011-09-15 09:42 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-08-07 01:23 . 2011-07-14 09:36 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-08-07 01:23 . 2011-09-15 09:42 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-08-04 21:15 . 2011-08-04 21:15 1016832 c:\windows\Installer\$PatchCache$\Managed\743020BED453FA1A2F56485B24C769AB\2.8.4\libeay32.dll
+ 2010-09-23 00:05 . 2010-09-23 00:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-09-16 09:08 . 2010-09-16 09:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
+ 2010-06-19 23:51 . 2010-06-19 23:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
+ 2011-01-14 13:10 . 2011-01-14 13:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 13:10 . 2011-01-14 13:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 13:10 . 2011-01-14 13:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2009-04-04 00:21 . 2009-04-04 00:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2011-08-11 09:04 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-08-11 09:04 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-08-11 09:04 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-10-05 09:30 . 2011-10-05 09:30 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-07-18 09:27 . 2011-07-18 09:27 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-10-05 09:31 . 2011-10-05 09:31 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-07-18 09:28 . 2011-07-18 09:28 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-12 21:33 . 2011-08-12 21:33 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-12 21:33 . 2011-08-12 21:33 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-15 22:01 . 2010-08-15 22:01 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 1214464 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\urlmon.dll
+ 2011-08-11 04:58 . 2011-07-25 15:15 5971456 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
+ 2011-08-11 04:58 . 2011-06-23 18:33 1992192 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iertutil.dll
+ 2010-07-01 20:22 . 2011-09-28 09:19 47369160 c:\windows\system32\MRT.exe
+ 2007-08-14 00:54 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
- 2007-08-14 00:54 . 2011-04-26 16:11 11081728 c:\windows\system32\ieframe.dll
- 2010-07-01 20:22 . 2011-04-26 16:11 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2010-07-01 20:22 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-03-28 09:27 . 2011-03-28 09:27 15456256 c:\windows\Installer\b5b143e.msp
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\67b2bdb.msp
+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\67b2bda.msp
+ 2011-07-27 13:37 . 2011-07-27 13:37 11592192 c:\windows\Installer\46548c9.msp
+ 2010-09-23 09:03 . 2010-09-23 09:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
+ 2009-04-04 00:21 . 2009-04-04 00:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OART.DLL
+ 2011-08-11 09:04 . 2011-04-26 16:11 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-06-25 07:03 . 2011-06-25 07:03 11083776 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-08-04 21:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-08-04 21:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\Kristyn\Start Menu\Programs\Startup\
News Alert.lnk - c:\program files\News Alert\liveonline_3883833.exe [2011-4-27 458752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 3674904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-07-01 05:03 10536 ------w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-22 15:22 136176 ----atw- c:\documents and settings\Kristyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 16:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 21:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 21:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm]
2010-01-28 20:03 454856 ----a-w- c:\program files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 23:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 23:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
"c:\\Documents and Settings\\Kristyn\\Application Data\\Spotify\\spotify.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/12/2011 12:27 AM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/4/2011 2:10 AM 366152]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [5/17/2010 2:45 PM 1615176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/4/2011 2:10 AM 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/17/2010 4:34 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/17/2010 4:34 PM 135664]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [9/15/2010 11:02 AM 30576]
S3 pbfilter;pbfilter;\??\c:\program files\NCSoft\Fake-Gaming.net\Filter\pbfilter.sys --> c:\program files\NCSoft\Fake-Gaming.net\Filter\pbfilter.sys [?]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/19/2011 11:36 PM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-05 c:\windows\Tasks\GBM - Easy Layout Backup Job-Full.job
- c:\program files\LaCie\Genie Backup Assistant\GBM8.exe [2011-06-21 14:15]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 22:34]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 22:34]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1409082233-839522115-1004Core.job
- c:\documents and settings\Kristyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 15:22]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1409082233-839522115-1004UA.job
- c:\documents and settings\Kristyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 15:22]
.
2011-09-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-10-05 c:\windows\Tasks\User_Feed_Synchronization-{51CE0117-9DB9-4100-9E08-A92F9708E878}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-NCsoft Launcher - c:\program files\NCSoft\Launcher\NCLauncher.exe
AddRemove-NCsoft-Aion - c:\program files\ncsoft\launcher\NCLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 19:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2011-10-05 19:27:18
ComboFix-quarantined-files.txt 2011-10-06 01:27
ComboFix2.txt 2011-07-18 13:03
ComboFix3.txt 2011-07-15 19:35
ComboFix4.txt 2011-03-04 15:05
.
Pre-Run: 12,113,793,024 bytes free
Post-Run: 19,641,348,096 bytes free
.
- - End Of File - - CC5BB5532B93E875419C76F36F28D4CE


#3 sempai

Posted 06 October 2011 - 01:21 PM

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.



We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

CODE
File::
c:\program files\NCSoft\Fake-Gaming.net\Filter\pbfilter.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-

Driver::
pbfilter


4. Save this as CFScript.txt, in the same location as ComboFix.exe




5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#4 ksjd66

Posted 06 October 2011 - 04:04 PM

Kk Sorry for running that without supervision. Was just trying to help you out, I won't do it again. Here is the log you requested.

ComboFix 11-10-06.03 - Kristyn 10/06/2011 9:19.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1319 [GMT -6:00]
Running from: c:\documents and settings\Kristyn\Desktop\ComboFix2.exe
Command switches used :: c:\documents and settings\Kristyn\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sygate Personal Firewall *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
FILE ::
"c:\program files\NCSoft\Fake-Gaming.net\Filter\pbfilter.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PBFILTER
-------\Service_pbfilter
.
.
((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))
.
.
2011-10-06 15:39 . 2011-10-06 15:39 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-10-06 15:39 . 2011-10-06 15:39 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-10-06 15:39 . 2011-10-06 15:39 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-10-06 15:39 . 2011-10-06 15:39 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-10-06 15:39 . 2011-10-06 15:39 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-10-06 15:39 . 2011-10-06 15:39 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-10-06 15:39 . 2011-10-06 15:39 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-10-06 15:39 . 2011-10-06 15:39 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-10-06 15:39 . 2011-10-06 15:39 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-10-06 15:39 . 2011-10-06 15:39 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-10-06 15:39 . 2011-10-06 15:39 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-10-06 15:39 . 2011-10-06 15:39 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-10-06 15:38 . 2011-10-06 15:38 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-10-06 15:38 . 2011-10-06 15:38 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-10-06 15:38 . 2011-10-06 15:38 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-10-06 15:38 . 2011-10-06 15:38 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-10-06 15:38 . 2011-10-06 15:38 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-10-06 00:59 . 2011-10-06 01:00 -------- d-----w- C:\ComboFix2
2011-09-30 12:38 . 2011-09-30 12:55 -------- d-----w- c:\documents and settings\Kristyn\Local Settings\Application Data\Spotify
2011-09-30 12:38 . 2011-09-30 12:48 -------- d-----w- c:\documents and settings\Kristyn\Application Data\Spotify
2011-09-27 00:25 . 2011-09-27 00:25 -------- d-----w- c:\documents and settings\Kristyn\Application Data\com.chromaom.SeamlessStudio
2011-09-27 00:25 . 2011-09-27 00:25 -------- d-----w- c:\program files\Seamless Studio
2011-09-24 11:31 . 2011-09-24 11:32 -------- d-----w- c:\program files\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-25 18:01 . 2011-07-08 08:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2003-03-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 23:00 . 2011-03-04 08:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 21:29 . 2011-08-12 21:29 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-08-05 05:06 . 2009-08-18 17:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-05 05:06 . 2009-08-18 17:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-15 13:29 . 2003-03-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 07:34 . 2011-07-12 06:26 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-13 07:34 . 2011-07-12 06:26 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-12 03:21 . 2011-07-30 19:03 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2010-12-23 23:05 . 2010-12-23 22:57 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2010-07-02 17:00 . 2010-07-02 17:00 258352 ----a-w- c:\program files\unicows.dll
2010-07-02 17:00 . 2010-07-02 16:59 372736 ----a-w- c:\program files\ijl15.dll
2010-07-01 13:01 . 2010-07-01 13:01 17252512 ----a-w- c:\program files\BOIE8_ENUS_XP.EXE
2010-06-07 22:16 . 2010-09-28 03:37 3887480 ----a-w- c:\program files\procexp.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-06_01.21.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-06 15:38 . 2011-10-06 15:38 16384 c:\windows\Temp\Perflib_Perfdata_7ac.dat
+ 2011-10-06 15:38 . 2011-10-06 15:38 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
+ 2011-10-06 09:26 . 2011-10-06 09:26 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2003-03-31 12:00 . 2011-10-05 09:31 581500 c:\windows\system32\perfh009.dat
+ 2003-03-31 12:00 . 2011-10-06 09:27 581500 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2011-10-05 09:31 128934 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2011-10-06 09:27 128934 c:\windows\system32\perfc009.dat
+ 2011-10-06 09:26 . 2011-10-06 09:26 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-05 09:30 . 2011-10-05 09:30 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-10-06 09:26 . 2011-10-06 09:26 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-05 09:31 . 2011-10-05 09:31 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-08-04 21:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-08-04 21:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\Kristyn\Start Menu\Programs\Startup\
News Alert.lnk - c:\program files\News Alert\liveonline_3883833.exe [2011-4-27 458752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 3674904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-07-01 05:03 10536 ------w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-22 15:22 136176 ----atw- c:\documents and settings\Kristyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 16:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 21:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 21:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm]
2010-01-28 20:03 454856 ----a-w- c:\program files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 23:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 23:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
"c:\\Documents and Settings\\Kristyn\\Application Data\\Spotify\\spotify.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/12/2011 12:27 AM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/4/2011 2:10 AM 366152]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [5/17/2010 2:45 PM 1615176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/4/2011 2:10 AM 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/17/2010 4:34 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/17/2010 4:34 PM 135664]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [9/15/2010 11:02 AM 30576]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/19/2011 11:36 PM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-06 c:\windows\Tasks\GBM - Easy Layout Backup Job-Full.job
- c:\program files\LaCie\Genie Backup Assistant\GBM8.exe [2011-06-21 14:15]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 22:34]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 22:34]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1409082233-839522115-1004Core.job
- c:\documents and settings\Kristyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 15:22]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1409082233-839522115-1004UA.job
- c:\documents and settings\Kristyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 15:22]
.
2011-09-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-10-06 c:\windows\Tasks\User_Feed_Synchronization-{51CE0117-9DB9-4100-9E08-A92F9708E878}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 09:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(904)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\program files\Sygate\SPF\smc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\stsystra.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\System32\vssvc.exe
c:\windows\System32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-10-06 09:53:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-06 15:53
ComboFix2.txt 2011-10-06 01:27
ComboFix3.txt 2011-07-18 13:03
ComboFix4.txt 2011-07-15 19:35
ComboFix5.txt 2011-10-06 15:17
.
Pre-Run: 19,284,168,704 bytes free
Post-Run: 19,140,653,056 bytes free
.
- - End Of File - - A3475CF8A365407E5B643089C5DEDA9F


#5 ksjd66

Posted 06 October 2011 - 04:38 PM

btw..... I mentioned already that my Hotmail acct had been hacked, and as a result of this Hotmail suspended my acct (normal protocol) and proceeded to send me a code via text message on my mobile phone. I followed their instructions and created a new password, which subsequently un-suspended my account. However, upon opening my email acct this morning I found more "Returned" emails from the postmaster indicating that my email was hacked again.

So now what do I do, and what does this mean?

I swear I wish I could get a hold of the people who did this. What complete LOSERS, completely have failed in Life so they have to make everyone else miserable as well.

#6 sempai

Posted 07 October 2011 - 12:21 PM

I can't really tell if the computer is compromised. I can't see any active malware in your log, but that doesn't mean that it's clean. Try to change your Hotmail account password using a clean computer, and don't open it on this computer until we're sure that it's clean. You can try to open your Hotmail using a clean computer to observe if there are still returned emails.


Please click HERE to download Kaspersky Virus Removal Tool (click on the Download link for Version 11).
NOTE: This is quite a large file, so be patient.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on Settings button
    • In Scan scope leave pre-checked items as they are and also checkmark My Computer
    • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on Report button then on Automatic Scan report tab.
  • Right click anywhere within right pane, click Select All then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.


#7 ksjd66

Posted 08 October 2011 - 04:55 PM

So there is no log because it found no threats. So perhaps those returned mails were just residual ones.

#8 sempai

Posted 10 October 2011 - 12:03 PM

Yes they can be leftovers.


1. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "Java SE 7".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".

    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe

  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.




2. Please run OTL and click the "Quick Scan" button, post the new report for my review.

#9 ksjd66

Posted 10 October 2011 - 02:55 PM

Okay, the link you provided for me to download the latest version of Java is experiencing technical difficulties. I will keep checking to see when it goes back up so I can download that. In the meantime I wanted to provide a glimpse of my Task Manager when it shows my CPU Usage at just under 100% (which you can also see in the screenshot I provide) and see if you can see anything out of the "Norm".


And could you tell me what this svchost.exe is and why it is running multiple times?


#10 sempai

Posted 11 October 2011 - 12:31 PM

svchost.exe is a legitimate Windows file and is needed by the Windows operating system to run properly. It is a generic host process name for services that run from dynamic-link libraries. If you want to lessen the instances of svchost.exe, then you should stop/disable some unnecessary services.

A description of Svchost.exe: http://support.microsoft.com/kb/314056
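
To see what each svchost.exe instance from the reply above is actually hosting, the following added example (not part of the original thread) lists every instance with its service group, hosted services and image location. The group after `-k` is a value under the `svchost` registry key that the ComboFix log lists; the variable names and the output layout are assumptions of this example.

```powershell
# Added example (not from the thread). Uses Get-WmiObject so it also runs on
# Windows PowerShell 2.0; run it from an administrator prompt.

# Folders where a genuine svchost.exe image lives (SysWOW64 exists only on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $hostPid = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($hostPid)) { $servicesByPid[$hostPid] = @() }
    $servicesByPid[$hostPid] += $_.Name
}

$report = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $hostPid = [int]$_.ProcessId

    # The service group follows -k on the command line, e.g. "svchost.exe -k netsvcs".
    $group = '(none)'
    if ($_.CommandLine -match '-k\s+"?([^"\s]+)') { $group = $Matches[1] }

    # ExecutablePath is empty when the caller is not allowed to query the process.
    if (-not $_.ExecutablePath) { $location = 'path unavailable' }
    elseif ($expected -contains $_.ExecutablePath) { $location = 'expected' }
    else { $location = 'UNEXPECTED: ' + $_.ExecutablePath }

    # A svchost.exe that hosts no running service is unusual and worth a second look.
    $services = '(no running service)'
    if ($servicesByPid.ContainsKey($hostPid)) {
        $services = ($servicesByPid[$hostPid] | Sort-Object) -join ', '
    }

    New-Object PSObject -Property @{
        PID      = $hostPid
        Group    = $group
        Image    = $location
        Services = $services
    }
}

$report | Sort-Object PID | Format-Table PID, Group, Image, Services -AutoSize -Wrap
```

Several rows are normal, one per service group. A row whose image is outside the expected folders or that hosts no running service is the one to investigate.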