
"antispywaremaster" Popups And IE Gets Hijacked To Site


  • This topic is locked
10 replies to this topic

#1 kingsteve2002


Posted 30 April 2008 - 05:17 PM

Hi, I hope you can help. My computer constantly has popups while browsing which ask if you need ANTISPYWAREMASTER. Next, new web pages pop up which go to ANTISPYWAREMASTER.COM. Please help. Thanks.




Deckard's System Scanner v20071014.68
Run by cs on 2008-04-30 17:49:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2008-04-30 21:49:37 UTC - RP530 - Deckard's System Scanner Restore Point
60: 2008-04-30 17:13:40 UTC - RP529 - System Checkpoint
59: 2008-04-29 15:27:56 UTC - RP528 - Removed SUPERAntiSpyware Free Edition
58: 2008-04-29 15:26:32 UTC - RP527 - Removed Search Assist
57: 2008-04-29 15:00:30 UTC - RP526 - Last known good configuration


-- First Restore Point --
1: 2008-04-29 14:58:45 UTC - RP470 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as cs.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:10 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
F:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick.php?C...Field2=-74.2119
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19B9CD57-3043-442F-8DFF-F9924AF056BD} - C:\WINDOWS\system32\tuvTMgfF.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: {96d07f15-7bf7-c47b-2d24-5fea16116bed} - {deb61161-aef5-42d2-b74c-7fb751f70d69} - C:\WINDOWS\system32\unkegyiq.dll
O2 - BHO: (no name) - {EC6BADA9-DFE0-40E7-90D0-5F478E21EBE9} - C:\WINDOWS\system32\byXPJAro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [bc94b1ad] rundll32.exe "C:\WINDOWS\system32\fveydsxp.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL WIKI.DLL
O20 - Winlogon Notify: tuvTMgfF - C:\WINDOWS\SYSTEM32\tuvTMgfF.dll
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14199 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 catchme - c:\docume~1\cs\locals~1\temp\catchme.sys (file missing)
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MA8512M - c:\windows\system32\drivers\ma8512m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8512U - c:\windows\system32\drivers\ma8512u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 mamm9000mi00 - c:\windows\system32\drivers\ma9kmi00.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 mamm9000mi01 - c:\windows\system32\drivers\ma9kmi01.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
S3 netr73 (Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista) - c:\windows\system32\drivers\netr73.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
S3 RT73 (Belkin Wireless G Plus MIMO USB Network Adapter Driver) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
S3 ZDCNDIS5 (ZDCNDIS5 NDIS Protocol Driver) - c:\windows\system32\zdcndis5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>

S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>
S2 PinnacleSys.MediaServer (Pinnacle Systems Media Service) - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe <Not Verified; Pinnacle Systems; Media Server>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-01 01:00:33 346 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-03-15 01:25:02 344 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-30 17:21:26 0 d-------- C:\Program Files\Trend Micro
2008-04-30 16:21:18 0 dr-h----- C:\Documents and Settings\cs\Recent
2008-04-30 12:19:08 105536 --a------ C:\WINDOWS\system32\unkegyiq.dll
2008-04-29 11:08:01 97856 --a------ C:\WINDOWS\system32\fveydsxp.dll
2008-04-29 11:04:58 107072 --a------ C:\WINDOWS\system32\bvcfsylh.dll
2008-04-29 10:58:32 546913 --ahs---- C:\WINDOWS\system32\orAJPXyb.ini2
2008-04-29 10:58:22 280576 --a------ C:\WINDOWS\system32\byXPJAro.dll
2008-04-29 10:17:52 43008 --a------ C:\WINDOWS\system32\tuvTMgfF.dll
2008-04-18 11:02:42 0 d-------- C:\Program Files\NetProject
2008-04-14 13:36:56 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-09 17:52:57 0 d-------- C:\Program Files\NCH Software


-- Find3M Report ---------------------------------------------------------------

2008-04-30 16:22:27 0 d-------- C:\Program Files\SpiralFrog
2008-04-30 11:58:40 47346 --a------ C:\Documents and Settings\cs\Application Data\wklnhst.dat
2008-04-30 11:07:25 0 d-------- C:\Documents and Settings\cs\Application Data\AVG7
2008-04-29 11:28:22 0 d-------- C:\Documents and Settings\cs\Application Data\SUPERAntiSpyware.com
2008-04-29 11:28:19 0 d-------- C:\Program Files\Common Files
2008-04-29 11:28:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-29 11:26:36 0 d-------- C:\Program Files\Dell
2008-04-13 03:40:04 0 d-------- C:\Program Files\McAfee
2008-04-09 17:42:11 0 d-------- C:\Program Files\NCH Swift Sound
2008-04-08 20:11:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 19:41:20 0 d-------- C:\Documents and Settings\cs\Application Data\Adobe
2008-04-07 01:30:32 137304 --a------ C:\Documents and Settings\cs\Application Data\GDIPFONTCACHEV1.DAT
2008-04-02 22:19:57 0 d-------- C:\Program Files\Dl_cats
2008-04-02 15:52:39 0 d-------- C:\Documents and Settings\cs\Application Data\AdobeUM
2008-03-30 13:40:07 7168 --a------ C:\Documents and Settings\cs\Application Data\dvd.bmk
2008-03-25 16:05:20 0 d-------- C:\Program Files\VideoLAN
2008-03-25 01:26:16 0 d-------- C:\Documents and Settings\cs\Application Data\MozillaControl
2008-03-25 01:13:25 0 d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-03-21 11:50:46 0 d-------- C:\Documents and Settings\cs\Application Data\NCH Swift Sound
2008-03-06 22:08:42 0 d-------- C:\Program Files\Common Files\Real
2008-03-06 22:08:25 0 d-------- C:\Program Files\Real
2008-02-29 02:33:33 0 d-------- C:\Program Files\MSXML 6.0
2008-02-29 01:29:29 0 d-------- C:\Program Files\Common Files\Laplink


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19B9CD57-3043-442F-8DFF-F9924AF056BD}]
04/29/2008 10:17 AM 43008 --a------ C:\WINDOWS\system32\tuvTMgfF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{deb61161-aef5-42d2-b74c-7fb751f70d69}]
04/30/2008 12:19 PM 105536 --a------ C:\WINDOWS\system32\unkegyiq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC6BADA9-DFE0-40E7-90D0-5F478E21EBE9}]
04/29/2008 10:58 AM 280576 --a------ C:\WINDOWS\system32\byXPJAro.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 08:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 08:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 08:50 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [11/01/2005 03:12 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/13/2004 03:30 PM]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [12/07/2005 04:05 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [11/07/2006 03:49 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/11/2006 03:55 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09/26/2005 11:26 AM]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [09/08/2005 06:55 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/11/2006 03:44 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 08:50 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe" [09/25/2006 08:52 PM]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [07/14/2006 04:03 PM]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [09/21/2004 03:22 AM]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [06/01/2006 03:37 AM]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [03/11/2004 01:26 AM]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [02/14/2006 03:19 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/29/2008 10:21 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [12/18/2007 12:10 PM]
"bc94b1ad"="C:\WINDOWS\system32\fveydsxp.dll" [04/29/2008 11:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/06/2007 10:24 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 05:46 PM]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [11/22/2007 12:10 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/11/2006 3:41:04 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [12/25/2006 9:21:33 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"= C:\WINDOWS\system32\bubbj.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{19B9CD57-3043-442F-8DFF-F9924AF056BD}"= C:\WINDOWS\system32\tuvTMgfF.dll [04/29/2008 10:17 AM 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTMgfF]
tuvTMgfF.dll 04/29/2008 10:17 AM 43008 C:\WINDOWS\system32\tuvTMgfF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL WIKI.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXPJAro

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
"C:\Program Files\CCleaner\CCleaner.exe" /AUTO

*Newly Created Service* - ATWPKT2



-- End of Deckard's System Scanner: finished at 2008-04-30 17:52:38 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
CPU 1: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1014.07 MiB / 500.34 MiB
Pagefile Memory (total/avail): 2442.23 MiB / 1754.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.42 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 52.7 GiB total, 20.36 GiB free.
D: is Fixed (NTFS) - 17.88 GiB total, 17.82 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 74.53 GiB total, 46.56 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG HD080HJ/P - 74.5 GiB - 4 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 52.7 GiB - C:
\PARTITION2 - Installable File System - 17.88 GiB - D:
\PARTITION3 - Unknown - 3.88 GiB

\\.\PHYSICALDRIVE1 - Maxtor OneTouch USB Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: AVG 7.5.524 v7.5.524 (Grisoft) Disabled
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"="C:\\Program Files\\Laplink\\PCsync\\SFTHost.exe:*:Enabled:PCsync Host Module"
"C:\\Program Files\\Vongo\\VongoTray.exe"="C:\\Program Files\\Vongo\\VongoTray.exe:*:Disabled:StarzTray"
"C:\\Program Files\\Vongo\\Vongo.exe"="C:\\Program Files\\Vongo\\Vongo.exe:*:Enabled:Vongo"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\cs\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\cs
LOGONSERVER=\\COMPUTER2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\cs\LOCALS~1\Temp
TMP=C:\DOCUME~1\cs\LOCALS~1\Temp
USERDOMAIN=COMPUTER2
USERNAME=cs
USERPROFILE=C:\Documents and Settings\cs
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

cs (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
725plc32 --> MsiExec.exe /I{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Deskbar --> "C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Belkin Wireless G Plus MIMO USB Network Adapter --> C:\Program Files\InstallShield Installation Information\{E5E96D69-F0FC-4CAC-AF66-E9770B46440D}\setup.exe -runfromtemp -l0x0409
Belkin Wireless G Plus MIMO USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\F5D9050\Setup.exe" -l0x9
Biblical Hebrew (Tiro) --> MsiExec.exe /I{29F4F1C1-5278-436C-AB8D-2C1E2207552D}
BitPim 1.0.4 --> "C:\Program Files\BitPim\unins000.exe"
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CinepPlayer 30 Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}\setup.exe" -l0x9 -L0x9 /SMAINT
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Color Printer 725 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcfUNST.EXE -NOLICENSE
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DiscAPI (Studio 10) --> MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Free CD to MP3 Converter --> C:\PROGRA~1\CDTOMP~1\UNWISE.EXE C:\PROGRA~1\CDTOMP~1\INSTALL.LOG
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
j2 Messenger 4.2 --> C:\Program Files\j2 Messenger 4.2\Uninstall.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\cs\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_6c7041\Setup.exe /APR-REMOVE
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Standard 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006 --> MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Accounting 2007 --> "c:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007 --> MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin --> MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin --> MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager --> MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin --> MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business 2007 --> MsiExec.exe /X{91120000-00CA-0000-0000-0000000FF1CE}
Microsoft Office Small Business 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SMALLBUSINESSR /dll OSETUP.DLL
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Desktop Engine (PINNACLESYS) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft WinUsb 1.0 --> "C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\cs\Application Data\Move Networks\ie_bin\Uninst.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\cs\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla ActiveX Control v1.7.12 --> C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\Setup.exe"
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZero --> "C:\Program Files\NetZero\uninst.exe"
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Ghost 10.0 --> MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
PCsync --> MsiExec.exe /X{3AF1FB80-21BD-4715-8EE2-AB77925519D9}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
Pinnacle MediaServer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x9 UNINSTALL
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RAPID (Studio 10) --> MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpiralFrog Download Manager 0.8.24 --> MsiExec.exe /X{95738B44-49CF-4C62-A620-320F1007B14A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Easy Transfer --> "C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type7686 / Error
Event Submitted/Written: 04/30/2008 05:20:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application belkinwcui.exe, version 1.0.0.17, faulting module blkwcapi.dll, version 1.0.6.11, fault address 0x000036a8.
Processing media-specific event for [belkinwcui.exe!ws!]

Event Record #/Type7683 / Error
Event Submitted/Written: 04/30/2008 04:22:32 PM
Event ID/Source: 0 / Spiralfrog
Event Description:
General Information
*********************************************
Additional Info:
ExceptionManager.MachineName: COMPUTER2
ExceptionManager.TimeStamp: 4/30/2008 4:22:32 PM
ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: COMPUTER2\cs

1) Exception Information
*********************************************
Exception Type: System.Exception
Message: The metadata file (the Server Manifest) can't be downloaded for the application 'SpiralfrogClient'.
Either the manifest is unavailable (check download URL in Updater config file), the downloader failed, or
the Manifest failed validation.
TargetSite: NULL
HelpLink: NULL
Source: NULL

2) Exception Information
*********************************************
Exception Type: System.Runtime.InteropServices.COMException
ErrorCode: -2145386481
Message: Exception from HRESULT: 0x8020000F.
TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyError ByRef)
HelpLink: NULL
Source: Microsoft.ApplicationBlocks.ApplicationUpdater

StackTrace Information
*********************************************
at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyJob.GetError(IBackgroundCopyError& ppError)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.HandleDownloadErrorCancelJob(IBackgroundCopyJob copyJob, String& errMessage)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.Microsoft.ApplicationBlocks.ApplicationUpdater.Interfaces.IDownloader.Download(String sourceFile, String destFile, TimeSpan maxTimeWait)
at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

Event Record #/Type7682 / Error
Event Submitted/Written: 04/30/2008 04:22:28 PM
Event ID/Source: 0 / Spiralfrog
Event Description:
General Information
*********************************************
Additional Info:
ExceptionManager.MachineName: COMPUTER2
ExceptionManager.TimeStamp: 4/30/2008 4:22:28 PM
ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: COMPUTER2\cs

1) Exception Information
*********************************************
Exception Type: System.Exception
Message: The BITS service returned an error for the job with the ID '8eebf017-e194-436d-9767-e433caca86f0';
the job's name and description are 'Updater job.' and 'Updater: Download the Server XML File.'.
The BITS service error message for this job is
'There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

'.
This job has been canceled, and the DownloaderManager will attempt it again. If you see this error frequently, you may have a mis-configuration, or another
administrator process/user is canceling BITS jobs.
It is also possible that some mis-configuration of the Manifest file is causing BITS to have trouble with a source or destination path;
be sure that all SOURCE paths are valid URLs, and that all DESTINATION paths are valid LOCAL UNC paths--__shares are not allowed__.
TargetSite: NULL
HelpLink: NULL
Source: NULL

Event Record #/Type7654 / Warning
Event Submitted/Written: 04/30/2008 04:19:21 PM
Event ID/Source: 19011 / MSSQL$PINNACLESYS
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type7651 / Warning
Event Submitted/Written: 04/30/2008 04:19:12 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type55646 / Warning
Event Submitted/Written: 04/30/2008 05:22:28 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type55645 / Error
Event Submitted/Written: 04/30/2008 04:52:07 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 00173F74899C. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type55641 / Warning
Event Submitted/Written: 04/30/2008 04:50:32 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00173F74899C. The IP address being used is 169.254.176.162.

Event Record #/Type55638 / Error
Event Submitted/Written: 04/30/2008 04:48:39 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 00173F74899C. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type55635 / Error
Event Submitted/Written: 04/30/2008 04:44:52 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 00173F74899C. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-04-30 17:52:38 ------------



#2 SifuMike


Posted 01 May 2008 - 11:28 PM

Hello kingsteve2002,

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one antivirus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these.
AVG Antivirus or McAfee Antivirus

Are you also running Symantec-Norton Antivirus? I see some Symantec in your log. If you are running Norton Antivirus too, then decide which one you are going to keep.

After you uninstall one of them post a fresh Deckard's System Scanner log and we will take it from there.

Edited by SifuMike, 02 May 2008 - 12:09 PM.


#3 kingsteve2002


Posted 04 May 2008 - 02:05 PM

Hi, I have uninstalled Norton and AVG. Here's the new log. Thanks.

Deckard's System Scanner v20071014.68
Run by cs on 2008-05-04 14:57:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as cs.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:15 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
F:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick.php?C...Field2=-74.2119
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0970A83F-A33F-49BA-855C-9544BA3335D7} - C:\WINDOWS\system32\byXPJAro.dll
O2 - BHO: (no name) - {19B9CD57-3043-442F-8DFF-F9924AF056BD} - C:\WINDOWS\system32\tuvTMgfF.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: {96d07f15-7bf7-c47b-2d24-5fea16116bed} - {deb61161-aef5-42d2-b74c-7fb751f70d69} - C:\WINDOWS\system32\unkegyiq.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [bc94b1ad] rundll32.exe "C:\WINDOWS\system32\fveydsxp.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL WIKI.DLL
O20 - Winlogon Notify: tuvTMgfF - C:\WINDOWS\SYSTEM32\tuvTMgfF.dll
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12041 bytes

-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 14:54:35 0 dr-h----- C:\Documents and Settings\cs\Recent
2008-04-30 17:21:26 0 d-------- C:\Program Files\Trend Micro
2008-04-30 12:19:08 105536 --a------ C:\WINDOWS\system32\unkegyiq.dll
2008-04-29 11:08:01 97856 --a------ C:\WINDOWS\system32\fveydsxp.dll
2008-04-29 10:58:32 528635 --ahs---- C:\WINDOWS\system32\orAJPXyb.ini2
2008-04-29 10:58:22 280576 --a------ C:\WINDOWS\system32\byXPJAro.dll
2008-04-29 10:17:52 43008 --a------ C:\WINDOWS\system32\tuvTMgfF.dll
2008-04-18 11:02:42 0 d-------- C:\Program Files\NetProject
2008-04-14 13:36:56 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-09 17:52:57 0 d-------- C:\Program Files\NCH Software


-- Find3M Report ---------------------------------------------------------------

2008-05-04 14:55:15 0 d-------- C:\Program Files\SpiralFrog
2008-05-04 14:51:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-04 11:48:22 0 d-------- C:\Program Files\Dl_cats
2008-04-30 11:58:40 47346 --a------ C:\Documents and Settings\cs\Application Data\wklnhst.dat
2008-04-29 11:28:22 0 d-------- C:\Documents and Settings\cs\Application Data\SUPERAntiSpyware.com
2008-04-29 11:28:19 0 d-------- C:\Program Files\Common Files
2008-04-29 11:28:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-29 11:26:36 0 d-------- C:\Program Files\Dell
2008-04-13 03:40:04 0 d-------- C:\Program Files\McAfee
2008-04-09 17:42:11 0 d-------- C:\Program Files\NCH Swift Sound
2008-04-08 20:11:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 19:41:20 0 d-------- C:\Documents and Settings\cs\Application Data\Adobe
2008-04-07 01:30:32 137304 --a------ C:\Documents and Settings\cs\Application Data\GDIPFONTCACHEV1.DAT
2008-04-02 15:52:39 0 d-------- C:\Documents and Settings\cs\Application Data\AdobeUM
2008-03-30 13:40:07 7168 --a------ C:\Documents and Settings\cs\Application Data\dvd.bmk
2008-03-25 16:05:20 0 d-------- C:\Program Files\VideoLAN
2008-03-25 01:26:16 0 d-------- C:\Documents and Settings\cs\Application Data\MozillaControl
2008-03-25 01:13:25 0 d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-03-21 11:50:46 0 d-------- C:\Documents and Settings\cs\Application Data\NCH Swift Sound
2008-03-06 22:08:42 0 d-------- C:\Program Files\Common Files\Real
2008-03-06 22:08:25 0 d-------- C:\Program Files\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0970A83F-A33F-49BA-855C-9544BA3335D7}]
04/29/2008 10:58 AM 280576 --a------ C:\WINDOWS\system32\byXPJAro.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19B9CD57-3043-442F-8DFF-F9924AF056BD}]
04/29/2008 10:17 AM 43008 --a------ C:\WINDOWS\system32\tuvTMgfF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{deb61161-aef5-42d2-b74c-7fb751f70d69}]
04/30/2008 12:19 PM 105536 --a------ C:\WINDOWS\system32\unkegyiq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 08:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 08:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 08:50 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [11/01/2005 03:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [11/07/2006 03:49 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/11/2006 03:55 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09/26/2005 11:26 AM]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [09/08/2005 06:55 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/11/2006 03:44 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 08:50 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe" [09/25/2006 08:52 PM]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [07/14/2006 04:03 PM]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [09/21/2004 03:22 AM]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [06/01/2006 03:37 AM]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [03/11/2004 01:26 AM]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [02/14/2006 03:19 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [12/18/2007 12:10 PM]
"bc94b1ad"="C:\WINDOWS\system32\fveydsxp.dll" [04/29/2008 11:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/06/2007 10:24 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 05:46 PM]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [11/22/2007 12:10 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/11/2006 3:41:04 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [12/25/2006 9:21:33 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"= C:\WINDOWS\system32\bubbj.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{19B9CD57-3043-442F-8DFF-F9924AF056BD}"= C:\WINDOWS\system32\tuvTMgfF.dll [04/29/2008 10:17 AM 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTMgfF]
tuvTMgfF.dll 04/29/2008 10:17 AM 43008 C:\WINDOWS\system32\tuvTMgfF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL WIKI.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXPJAro

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
"C:\Program Files\CCleaner\CCleaner.exe" /AUTO




-- End of Deckard's System Scanner: finished at 2008-05-04 14:59:15 ------------

#4 SifuMike


Posted 04 May 2008 - 03:49 PM

Hi kingsteve2002,

This computer is heavily infected so we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your McAfee Antivirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.


Disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

To disable McAfee Virusscan:
Please navigate to the system tray on the bottom right hand corner and look for a [image] sign.
  • right-click it -> choose "Exit."
  • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You successfully disabled the McAfee Guard.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions please install the Windows XP Recovery Console if you are using XP. <== IMPORTANT It is a simple procedure that will only take a few moments of your time.

You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Disconnect from the Internet.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

#5 kingsteve2002


Posted 04 May 2008 - 05:20 PM

Thanks. Here's the ComboFix log:



ComboFix 08-05-01.3 - cs 2008-05-04 18:03:31.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.488 [GMT -4:00]
Running from: C:\Documents and Settings\cs\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\cs\Favorites\Online Security Test.url
C:\Program Files\NetProject
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\byXPJAro.dll
C:\WINDOWS\system32\fveydsxp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\orAJPXyb.ini
C:\WINDOWS\system32\orAJPXyb.ini2
C:\WINDOWS\system32\pxsdyevf.ini
C:\WINDOWS\system32\rMa02yy
C:\WINDOWS\system32\tuvTMgfF.dll
C:\WINDOWS\system32\unkegyiq.dll
F:\Autorun.inf
F:\copy.exe
F:\setup.dll.vbs

----- BITS: Possible infected sites -----

hxxp://www.spiralfrog.com
.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-04-30 17:49 . 2008-04-30 17:49 <DIR> d-------- C:\Deckard
2008-04-30 17:21 . 2008-04-30 17:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 13:36 . 2008-04-14 13:36 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-11 11:02 . 2008-04-29 17:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 11:02 . 2008-04-11 11:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 17:52 . 2008-04-09 17:52 <DIR> d-------- C:\Program Files\NCH Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 22:13 --------- d-----w C:\Program Files\SpiralFrog
2008-05-04 18:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-04 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-04 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-04 15:48 --------- d-----w C:\Program Files\Dl_cats
2008-04-30 15:58 47,346 ----a-w C:\Documents and Settings\cs\Application Data\wklnhst.dat
2008-04-29 15:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-29 15:28 --------- d-----w C:\Documents and Settings\cs\Application Data\SUPERAntiSpyware.com
2008-04-29 15:26 --------- d-----w C:\Program Files\Dell
2008-04-13 07:40 --------- d-----w C:\Program Files\McAfee
2008-04-09 21:42 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-09 00:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 05:30 137,304 ----a-w C:\Documents and Settings\cs\Application Data\GDIPFONTCACHEV1.DAT
2008-04-02 19:52 --------- d-----w C:\Documents and Settings\cs\Application Data\AdobeUM
2008-03-25 20:05 --------- d-----w C:\Program Files\VideoLAN
2008-03-25 05:26 --------- d-----w C:\Documents and Settings\cs\Application Data\MozillaControl
2008-03-25 05:13 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-03-21 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-21 15:50 26,112 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys
2008-03-21 15:50 --------- d-----w C:\Documents and Settings\cs\Application Data\NCH Swift Sound
2008-03-07 02:08 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-03-07 02:08 --------- d-----w C:\Program Files\Real
2008-03-07 02:08 --------- d-----w C:\Program Files\Common Files\Real
2008-02-03 15:00 250 ----a-w C:\Documents and Settings\cs\bitpim.dat
2007-11-22 19:19 50,688 ----a-w C:\Program Files\ATF-Cleaner.exe
2002-07-26 22:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2007-07-19 22:14 88 --sh--r C:\WINDOWS\system32\52C1C715A2.sys
2007-07-19 22:14 3,558 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-22_20.02.34.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\updspapi.dll
+ 2006-09-25 22:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 22:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2006-11-02 12:22:52 51,680 -c----w C:\WINDOWS\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll
+ 2006-10-09 02:51:14 221,488 -c----w C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe
+ 2006-10-09 02:51:14 379,184 -c----w C:\WINDOWS\$NtUninstallWdf01005$\spuninst\updspapi.dll
+ 2006-10-07 05:04:08 221,488 -c----w C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe
+ 2006-10-07 05:04:10 379,184 -c----w C:\WINDOWS\$NtUninstallWETCable$\spuninst\updspapi.dll
+ 2006-10-09 02:53:36 221,488 -c----w C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe
+ 2006-10-09 02:53:38 379,184 -c----w C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\updspapi.dll
+ 2004-09-15 16:28:06 480,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
+ 2005-01-28 17:44:28 294,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2005-01-28 17:44:28 164,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2005-01-28 17:44:28 502,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2005-01-28 17:44:28 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2005-01-28 17:44:28 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-04 09:00:00 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-04 09:00:00 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-04 09:00:00 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2005-01-28 17:44:28 142,336 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2005-01-28 17:44:28 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2005-01-28 17:44:28 173,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2005-01-28 17:44:28 364,784 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2005-01-28 17:44:28 315,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2005-01-28 17:44:28 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 23:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 23:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 16:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2005-01-28 17:44:28 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
+ 2005-01-28 17:44:28 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
+ 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2005-01-28 17:44:28 396,528 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2005-01-28 17:44:28 716,288 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2007-10-27 22:40:06 227,328 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2005-01-28 17:44:28 28,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2005-01-28 17:44:28 33,792 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2005-01-28 17:44:28 335,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2005-01-28 17:44:28 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2005-01-28 17:44:28 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2005-01-28 17:44:28 1,027,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2005-01-28 17:44:28 774,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2005-01-28 17:44:28 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2005-01-28 17:44:28 819,200 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe
+ 2005-01-28 17:44:28 413,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2005-01-28 17:44:28 940,544 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-01-28 17:44:28 1,218,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2005-01-28 17:44:28 1,512,448 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
+ 2006-12-07 05:29:34 2,374,472 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2005-01-28 17:44:28 895,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2005-01-28 17:44:28 1,003,008 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2005-01-28 17:44:28 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
+ 2005-01-28 17:44:28 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2005-01-28 17:44:28 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2005-01-28 17:44:28 331,264 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
+ 2005-01-28 17:44:28 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
+ 2004-09-15 16:28:06 8,192 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-09-15 16:27:52 344,064 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
+ 2008-04-11 07:10:17 282,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBASpreadsheetML\f74321e68f1658850744f709df5884ce\SBASpreadsheetML.ni.dll
+ 2008-04-11 07:10:29 126,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBASQM\f5a1847803ad19454e108811b2c9c0db\SBASQM.ni.dll
+ 2008-04-11 07:19:14 143,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAUI.XmlSerializers\ccff011af543ae5bbee1561f5349bcb9\SBAUI.XmlSerializers.ni.dll
+ 2008-04-11 07:10:04 28,659,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAUI\d42524896d375af5fb6a72cdcefca82d\SBAUI.ni.dll
+ 2008-04-11 07:19:19 425,984 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sbauienus\a13c1a2b3436534074c01007a147bd83\sbauienus.ni.dll
+ 2008-04-11 07:18:50 126,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SbaWatson\fd188437d2505e94ef436fea0f7a0895\SbaWatson.ni.dll
+ 2008-04-11 07:10:20 44,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\stdole\5eef2f32e44870fde9f65d34d523ef3e\stdole.ni.dll
+ 2008-04-11 07:09:25 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2008-04-11 07:08:42 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-04-11 07:09:22 1,183,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-04-11 07:08:48 2,756,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-04-11 07:06:20 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-04-11 07:09:20 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-04-11 07:06:37 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-04-11 07:08:55 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-04-11 07:09:24 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-04-11 07:06:41 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-04-11 07:06:40 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-04-11 07:08:53 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-04-11 07:08:53 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-04-11 07:10:31 1,064,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll
+ 2008-04-11 07:08:57 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2008-04-11 07:09:18 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-04-11 07:08:49 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-04-11 07:09:25 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-04-11 07:08:51 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-04-11 07:19:46 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-04-11 07:09:23 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-04-11 07:09:17 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-04-11 07:09:14 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-04-11 07:06:59 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-04-11 07:07:08 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-04-11 07:06:09 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2008-04-11 07:10:47 290,816 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Xceed.Compression\7663e237b05877d7e840ad9f89378f28\Xceed.Compression.ni.dll
+ 2008-04-11 07:10:46 348,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Xceed.FileSystem\fd4d2d5b32086ad1c4d2954b3add7353\Xceed.FileSystem.ni.dll
+ 2008-04-11 07:10:09 696,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Xceed.Grid.UIStyle\53448b62577f1eefe9bf50f92a31b1c1\Xceed.Grid.UIStyle.ni.dll
+ 2008-04-11 07:10:08 2,277,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Xceed.Grid\02955b696a1b3351342d693e31fa222f\Xceed.Grid.ni.dll
+ 2008-04-11 07:10:45 614,400 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Xceed.Zip\fca40d1c489c82a597da860c3bdd1f79\Xceed.Zip.ni.dll
+ 2008-05-04 22:11:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 12:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
- 2004-09-15 16:27:54 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2008-02-28 05:27:03 25,214 ----a-r C:\WINDOWS\Installer\{353D20CC-719B-4A60-AD33-D03F88C10330}\ARPPRODUCTICON.exe
+ 2008-02-29 05:29:35 25,214 ----a-r C:\WINDOWS\Installer\{3AF1FB80-21BD-4715-8EE2-AB77925519D9}\ARPPRODUCTICON.exe
+ 2008-02-29 05:29:35 25,214 ----a-r C:\WINDOWS\Installer\{3AF1FB80-21BD-4715-8EE2-AB77925519D9}\NewShortcut3_DDBC8703AA18491F97BE98D4543A901B.exe
+ 2008-02-29 05:29:35 65,536 ----a-r C:\WINDOWS\Installer\{3AF1FB80-21BD-4715-8EE2-AB77925519D9}\PCsync.exe_3346A1D849F846D99DBAF4FF1EBAED53.exe
+ 2008-02-29 05:29:35 25,214 ----a-r C:\WINDOWS\Installer\{3AF1FB80-21BD-4715-8EE2-AB77925519D9}\PCsync.HLP_3346A1D849F846D99DBAF4FF1EBAED53.exe
+ 2008-02-28 05:27:24 25,214 ----a-r C:\WINDOWS\Installer\{46614A49-222A-48EF-87A9-BFD603E608E1}\ARPPRODUCTICON.exe
+ 2008-02-28 05:27:12 25,214 ----a-r C:\WINDOWS\Installer\{8C711818-076E-475C-B95B-DF11CD9D8DBE}\ARPPRODUCTICON.exe
+ 2007-12-05 00:51:02 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-02-28 05:04:29 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-02-28 05:23:24 135,168 ----a-r C:\WINDOWS\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-02-28 05:07:46 20,240 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-02-28 05:07:46 217,864 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2008-02-28 05:07:46 18,704 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-02-28 05:07:46 35,088 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-02-28 05:07:46 845,584 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-02-28 05:07:46 922,384 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-02-28 05:07:46 272,648 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-02-28 05:07:46 888,080 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-02-28 05:07:46 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2006-08-11 19:51:36 2,560 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2006-08-11 19:49:38 2,238 ----a-r C:\WINDOWS\Installer\{A683A2C0-821C-486F-858C-FA634DB5E864}\ARPPRODUCTICON.exe
+ 2008-02-28 05:23:08 25,214 ----a-r C:\WINDOWS\Installer\{A939D341-5A04-4E0A-BB55-3E65B386432D}\ARPPRODUCTICON.exe
+ 2008-02-28 05:25:27 25,214 ----a-r C:\WINDOWS\Installer\{B0717D5A-1976-482B-9ADF-F19631A541A4}\ARPPRODUCTICON.exe
- 2003-02-20 23:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-10-24 05:47:38 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2003-02-20 23:09:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-24 05:47:38 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-24 05:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-24 05:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-24 05:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2003-02-20 22:43:50 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-24 05:47:38 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-24 05:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-24 05:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-10-24 05:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-24 05:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-24 05:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-24 05:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-24 05:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-24 05:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-24 05:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-24 05:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-24 05:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-24 05:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-24 05:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-24 05:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-24 05:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-24 05:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-24 05:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-24 05:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-24 05:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-24 05:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-24 05:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-24 05:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-24 05:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-24 05:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-10-24 05:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-24 05:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2007-10-24 05:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-24 05:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2007-10-24 05:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-10-24 05:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-10-24 05:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-24 05:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-24 05:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-24 05:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-24 05:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-24 05:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2007-10-24 05:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-10-24 05:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-10-24 05:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-24 05:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2007-10-24 05:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-24 05:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2007-10-24 05:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-24 05:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-24 05:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-24 05:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-24 05:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-24 05:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-24 05:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-24 05:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-24 05:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-24 05:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-24 05:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2007-10-24 05:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-24 05:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-24 05:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-10-24 05:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-24 05:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-24 05:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-24 05:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-24 05:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-10-24 05:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-24 05:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-24 05:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-24 05:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-24 05:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-24 05:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-24 05:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-24 05:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-24 05:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-24 05:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-24 05:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-24 05:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-24 05:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-24 05:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-24 05:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-24 05:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-24 05:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-24 05:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-24 05:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-24 05:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-24 05:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-24 05:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-24 05:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-24 05:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-24 05:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-24 05:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-24 05:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-24 05:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-24 05:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-24 05:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-24 05:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-10-24 05:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-24 05:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-24 05:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-24 05:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-24 05:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-24 05:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-24 05:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-24 05:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-10-24 05:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-10-24 05:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-24 05:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-24 05:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-24 05:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-24 05:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-24 05:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-24 05:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-24 05:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-24 05:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-24 05:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-24 05:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-24 05:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-24 05:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-24 05:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-24 05:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-24 05:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-24 05:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 12:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2004-08-04 09:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-04 09:00:00 73,376 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2004-08-04 09:00:00 25,264 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2004-08-04 09:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2004-08-04 09:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-04 09:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2004-08-04 09:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2004-08-04 09:00:00 4,048 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2004-08-04 09:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2004-08-04 09:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-04 09:00:00 146,432 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
- 2004-09-15 16:28:06 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 02:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-09-15 16:28:06 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 02:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2005-01-28 17:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 02:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2005-01-28 17:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 02:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2004-08-04 09:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
- 2007-11-21 23:06:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-04 17:07:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-21 23:06:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-04 17:07:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-21 23:06:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-04 17:07:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2004-08-04 09:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
+ 2007-10-24 05:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2005-09-08 09:20:00 2,496 ----a-w C:\WINDOWS\system32\DLA\DLADResN.SYS
- 2004-09-15 16:28:06 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 02:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2005-01-28 17:44:28 294,912 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 02:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2007-08-22 12:55:28 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 09:32:03 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-08-22 12:55:29 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 09:32:03 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2005-01-28 17:44:28 164,864 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 02:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2007-08-22 12:55:30 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-02-16 09:32:03 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-06-26 17:37:10 148,480 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2004-08-04 03:07:58 2,944 ----a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
- 2005-01-28 17:44:28 502,272 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 02:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2007-08-22 12:55:30 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-02-16 09:32:04 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-22 12:55:31 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-02-16 09:32:04 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-22 12:55:31 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-16 09:32:04 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-08-21 10:19:39 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-02-15 09:07:53 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-22 12:55:32 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-02-16 09:32:04 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-22 12:55:32 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-02-16 09:32:04 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-08-22 12:55:32 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-16 09:32:04 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 04:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2004-08-04 05:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
- 2005-01-28 17:44:28 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 02:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 01:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2004-09-15 16:27:52 344,064 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 02:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2007-12-18 09:51:35 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2007-08-22 12:55:36 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-02-16 09:32:06 3,066,880 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-22 12:55:37 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-02-16 09:32:06 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2005-01-28 17:44:28 142,336 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 02:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2005-01-28 17:44:28 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 02:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2005-01-28 17:44:28 173,568 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 02:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2007-08-22 12:55:37 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-02-16 09:32:06 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2005-01-28 17:44:28 364,784 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 21:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2007-08-22 12:55:38 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-02-16 09:32:07 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2005-01-28 17:44:28 315,904 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 02:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-08-22 12:55:38 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-02-16 09:32:07 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2004-03-16 15:58:20 136,960 ----a-w C:\WINDOWS\system32\dllcache\portcls.sys
- 2005-01-28 17:44:28 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 02:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2007-10-29 22:43:03 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-09-15 16:27:54 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-01 23:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2007-08-22 12:55:40 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 09:32:08 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-08-22 12:55:41 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-02-16 09:32:08 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2004-08-04 03:08:04 48,640 ----a-w C:\WINDOWS\system32\dllcache\stream.sys
- 2006-04-20 11:51:50 359,808 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2004-09-15 16:27:54 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-08-22 12:55:43 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-02-16 09:32:08 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-03-08 13:47:48 1,843,584 ------w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-08-22 12:55:44 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-02-16 09:32:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 17:44:28 396,528 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 02:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2005-01-28 17:44:28 716,288 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 02:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2005-01-28 17:44:28 224,768 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 22:40:30 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2005-01-28 17:44:28 28,160 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 02:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2005-01-28 17:44:28 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 02:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-15 16:27:54 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 02:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2005-01-28 17:44:28 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 02:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2005-01-28 17:44:28 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 02:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 12:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-09-15 16:28:00 135,168 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 02:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-15 16:28:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 02:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-15 16:28:00 282,624 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 02:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-15 16:28:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 02:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-15 16:28:00 3,371,008 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 02:47:20 8,231,936 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-09-15 16:28:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 02:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2005-01-28 17:44:28 774,904 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2005-01-28 17:44:28 1,119,744 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2005-01-28 17:44:28 413,944 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 02:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2005-01-28 17:44:28 940,544 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 02:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 02:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2005-01-28 17:44:28 895,736 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2005-01-28 17:44:28 1,003,008 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 09:00:00 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2007-07-26 14:25:08 42,112 ----a-r C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
+ 2004-08-04 03:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2004-09-16 22:11:02 25,300 ----a-w C:\WINDOWS\system32\drivers\MA8512M.sys
+ 2004-09-16 22:11:00 49,106 ----a-w C:\WINDOWS\system32\drivers\MA8512U.sys
+ 2006-06-07 20:41:12 48,724 ----a-w C:\WINDOWS\system32\drivers\ma9kmi00.sys
+ 2006-06-07 20:41:12 48,724 ----a-w C:\WINDOWS\system32\drivers\ma9kmi01.sys
+ 2005-08-18 16:44:50 49,867 ----a-w C:\WINDOWS\system32\drivers\mardp2k.sys
+ 2005-08-18 16:44:48 49,484 ----a-w C:\WINDOWS\system32\drivers\mardpnp.sys
+ 2005-08-18 16:44:44 11,473 ----a-w C:\WINDOWS\system32\drivers\MaVc2K.sys
+ 2005-08-18 16:44:46 24,789 ----a-w C:\WINDOWS\system32\drivers\MaVctrl.sys
- 2007-07-24 12:40:36 79,304 ----a-w C:\WINDOWS\system32\drivers\mfeavfk.sys
+ 2007-11-22 10:44:08 79,304 ----a-w C:\WINDOWS\system32\drivers\mfeavfk.sys
- 2007-07-21 14:08:24 35,240 ----a-w C:\WINDOWS\system32\drivers\mfebopk.sys
+ 2007-11-22 10:44:08 35,240 ----a-w C:\WINDOWS\system32\drivers\mfebopk.sys
- 2007-07-21 14:08:24 201,288 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
+ 2007-11-22 10:44:08 201,320 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
- 2007-07-24 17:02:36 33,800 ----a-w C:\WINDOWS\system32\drivers\mferkdk.sys
+ 2007-11-22 10:44:04 33,832 ----a-w C:\WINDOWS\system32\drivers\mferkdk.sys
- 2007-07-21 14:08:24 40,488 ----a-w C:\WINDOWS\system32\drivers\mfesmfk.sys
+ 2007-12-02 16:51:42 40,488 ----a-w C:\WINDOWS\system32\drivers\mfesmfk.sys
- 2004-08-04 09:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2004-08-04 09:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2004-08-04 09:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-07-26 14:25:12 39,808 ----a-r C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
- 2004-08-04 09:00:00 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-04 03:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2007-07-26 14:25:06 47,360 ----a-r C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-07-26 14:25:06 47,104 ----a-r C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
+ 2006-10-19 02:47:22 671,232 ----a-w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
+ 2006-11-02 12:22:54 492,000 ----a-w C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-02 12:22:52 32,224 ----a-w C:\WINDOWS\system32\drivers\wdfldr.sys
+ 2006-11-02 12:00:08 39,368 ----a-w C:\WINDOWS\system32\drivers\winusb.sys
+ 2007-07-26 14:25:06 32,000 ----a-r C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
- 2005-01-28 17:44:28 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 01:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 23:55:50 77,568 ----a-w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-29 00:00:34 82,944 ----a-w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-19 01:00:46 249,856 ----a-w C:\WINDOWS\system32\drmupgds.exe
- 2005-01-28 17:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 02:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-11-02 13:09:50 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\TransferCa_497DDC3BB95A7FC36CF0DB899108C7007DBC01B8\WdfCoinstaller01005.dll
+ 2006-11-02 12:07:42 581,192 -c--a-w C:\WINDOWS\system32\DRVSTORE\TransferCa_497DDC3BB95A7FC36CF0DB899108C7007DBC01B8\WinusbCoInstaller.dll
- 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 1999-10-17 23:01:42 1,129,232 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2006-10-26 19:10:08 1,190,688 ----a-w C:\WINDOWS\system32\FM20.DLL
- 1999-10-17 23:01:16 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2006-10-26 19:10:06 33,088 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2007-09-23 14:54:32 1,697,320 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-09 07:11:11 1,719,392 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2006-10-26 18:45:04 207,360 ----a-w C:\WINDOWS\system32\INKED.DLL
- 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2003-11-19 20:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2003-11-19 20:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2004-08-04 09:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
- 2004-08-04 04:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-04 05:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-04 09:00:00 221,600 ----a-w C:\WINDOWS\system32\lanman.drv
- 2005-01-28 17:44:28 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 02:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2007-03-15 22:19:28 1,476,992 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-10-11 19:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-11-29 22:30:16 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
- 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 01:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2004-08-04 09:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2007-03-27 23:04:28 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-03-27 23:04:32 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-04-08 23:41:17 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-02-13 17:22:19 44,706 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-04 09:00:00 73,376 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2004-08-04 09:00:00 25,264 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2004-08-04 09:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
+ 2006-10-19 02:47:14 212,992 ----a-w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-11-02 06:50:32 92,264 ----a-w C:\WINDOWS\system32\MigAutoPlay.exe
+ 2004-08-04 09:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2006-10-19 02:47:14 259,072 ----a-w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 09:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 02:47:14 317,440 ----a-w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 09:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 02:47:14 259,072 ----a-w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 09:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2004-08-04 09:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
- 2006-12-22 16:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-10-24 05:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2004-07-15 03:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2007-10-24 05:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2003-02-20 23:09:14 106,496 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2007-10-24 05:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2006-10-02 20:28:42 312,128 ----a-w C:\WINDOWS\system32\msdelta.dll
+ 2004-08-04 09:00:00 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-04 04:56:58 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2005-01-28 17:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 02:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2005-01-28 17:44:28 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 02:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2005-01-28 17:44:28 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 02:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2005-01-28 17:44:28 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 21:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-01-28 17:44:28 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 02:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2007-05-15 20:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2005-09-08 06:03:50 86,728 ----a-w C:\WINDOWS\system32\msxml6r.dll
- 2006-12-22 17:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2007-10-24 05:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2007-11-08 15:56:59 61,052 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-11 07:04:40 89,338 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-08 15:56:59 399,522 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-11 07:04:40 472,208 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-08-11 19:44:06 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-03-07 02:08:24 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2006-08-11 19:44:06 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-03-07 02:08:26 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2006-08-11 19:44:06 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-03-07 02:08:26 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2006-10-19 02:47:18 284,160 ----a-w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 02:47:18 101,888 ----a-w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 02:47:18 166,912 ----a-w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 02:47:18 132,096 ----a-w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 02:47:18 199,168 ----a-w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2005-01-28 17:44:28 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 02:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-01-18 16:15:48 49,237 ----a-r C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ma9kmi01.sys
+ 2006-06-07 20:41:12 48,724 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\ma9kmi01.sys
- 2006-08-11 19:44:10 157,696 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-03-07 02:08:45 157,696 ----a-w C:\WINDOWS\system32\rmoc3260.dll
- 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2004-08-04 09:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
- 2006-12-10 18:10:02 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-07 05:04:08 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-07 05:04:08 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-10-14 08:51:02 66,264 ----a-w C:\WINDOWS\system32\sqlctr90.dll
+ 2006-04-14 15:07:12 2,222,936 ----a-w C:\WINDOWS\system32\sqlncli.dll
+ 2007-11-29 22:30:16 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
+ 2004-08-04 09:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2004-08-04 09:00:00 4,048 ----a-w C:\WINDOWS\system32\timer.drv
- 2007-07-18 12:42:22 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2005-01-28 17:44:28 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 02:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2004-08-04 09:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2004-08-04 09:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
- 2005-01-28 17:44:28 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 02:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-11-02 13:09:50 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
- 2005-01-28 17:44:28 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 02:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2004-08-04 09:00:00 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2004-08-04 09:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
- 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
- 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2004-08-04 09:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 09:00:00 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2004-08-04 09:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2006-11-02 12:00:10 24,136 ----a-w C:\WINDOWS\system32\winusb.dll
+ 2006-11-02 12:07:42 581,192 ----a-w C:\WINDOWS\system32\WinusbCoInstaller.dll
+ 2006-10-26 18:45:04 293,376 ----a-w C:\WINDOWS\system32\WISPTIS.EXE
- 2005-01-28 17:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 02:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2005-01-28 17:44:28 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 02:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2005-01-28 17:44:28 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 22:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2005-01-28 17:44:28 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 02:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2005-01-28 17:44:28 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 02:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2005-01-28 17:44:28 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 02:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2005-01-28 17:44:28 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 02:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 02:47:20 535,040 ----a-w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-15 16:27:54 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 02:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2005-01-28 17:44:28 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 02:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2005-01-28 17:44:28 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 02:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 12:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-15 16:28:00 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 02:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-15 16:28:00 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 02:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 02:47:20 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
- 2004-09-15 16:28:00 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 02:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-09-15 16:28:00 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 02:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 02:47:20 613,376 ----a-w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 02:47:20 130,048 ----a-w C:\WINDOWS\system32\wmpps.dll
- 2004-09-15 16:28:00 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 02:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-15 16:28:00 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 02:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2005-01-28 17:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2005-01-28 17:44:28 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2005-01-28 17:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 02:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2005-01-28 17:44:28 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 02:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2005-01-28 17:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2005-01-28 17:44:28 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 02:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 02:47:22 1,543,680 ----a-w C:\WINDOWS\system32\WMVDECOD.dll
- 2005-01-28 17:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2005-01-28 17:44:28 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 02:47:22 1,574,912 ----a-w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 02:47:22 1,382,912 ----a-w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 02:47:22 767,488 ----a-w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 02:47:22 656,896 ----a-w C:\WINDOWS\system32\WMVXENCD.dll
+ 2004-08-04 09:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
- 2005-01-28 17:44:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 02:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2005-01-28 17:44:28 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 02:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2005-01-28 17:44:28 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 02:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2005-01-28 17:44:28 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 02:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 02:47:22 2,603,008 ----a-w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 01:00:14 17,408 ----a-w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 02:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 02:47:22 133,632 ----a-w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2005-01-28 17:44:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 02:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-29 01:13:26 95,344 ----a-w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 23:56:38 146,432 ----a-w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 23:56:16 165,376 ----a-w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 23:56:14 55,808 ----a-w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 23:56:38 316,416 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2007-07-11 22:16:26 1,184,984 ----a-r C:\WINDOWS\system32\wvc1dmod.dll
- 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-05-04 22:11:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat
+ 2000-08-31 12:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2008-04-11 07:04:18 8,192 ----a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2006-10-26 18:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2007-10-24 05:47:56 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-24 05:47:56 558,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-24 05:47:56 635,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
+ 2005-09-23 04:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-23 04:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 04:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-12-02 03:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 03:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 03:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2005-09-23 06:16:02 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2005-09-23 06:16:06 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-23 06:16:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2005-09-23 06:16:10 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-12-02 05:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-10-26 18:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 18:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 18:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 18:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 18:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 18:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 18:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 18:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 18:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2008-04-11 07:04:28 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-04-11 07:04:28 113,664 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2001-03-23 21:29:28 880,912 ----a-w C:\WINDOWS\WM8EUTIL.exe
+ 2000-08-31 12:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 22:24 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 12:10 787696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49 1121280]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-11 15:55 169984]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 11:26 110592]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 06:55 73728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-11 15:44 98304]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-14 16:03 107008]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-09-21 03:22 73728]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-06-01 03:37 196608]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-02-14 15:19 1531904]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [2007-12-18 12:10 163128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 22:24 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-11 15:41:04 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2006-12-25 09:21:33 884838]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"= C:\WINDOWS\system32\bubbj.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTMgfF]
tuvTMgfF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL WIKI.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2007-11-22 12:10 787696 C:\Program Files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-18 03:48]
S3 BKNDIS5;BKNDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\F5D9050\BKNDIS5.SYS [2005-03-02 14:47]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10]
S3 MA8512M;MA8512M;C:\WINDOWS\system32\DRIVERS\MA8512M.sys [2004-09-16 18:11]
S3 MA8512U;MA8512U;C:\WINDOWS\system32\DRIVERS\MA8512U.sys [2004-09-16 18:11]
S3 mamm9000mi00;mamm9000mi00;C:\WINDOWS\system32\Drivers\ma9kmi00.sys [2006-06-07 16:41]
S3 mamm9000mi01;mamm9000mi01;C:\WINDOWS\system32\Drivers\ma9kmi01.sys [2006-06-07 16:41]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2006-09-28 22:41]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 11:04]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 17:02]
S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 05:25:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-04-01 05:00:33 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 18:12:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-05-04 18:16:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 22:16:07
ComboFix2.txt 2007-11-28 13:50:37

Pre-Run: 21,458,276,352 bytes free
Post-Run: 21,362,982,912 bytes free

1259 --- E O F --- 2008-04-11 07:05:35

#6 SifuMike


Posted 04 May 2008 - 08:43 PM

Did you download the latest version of ComboFix? The one you ran looks several days old.

Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

I see you did not install Recovery Console. :thumbsup: Recovery Console is our safety net so please install it, run ComboFix and post a fresh ComboFix log.



Also, disable your antivirus program before you run ComboFix.

Edited by SifuMike, 04 May 2008 - 09:05 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 kingsteve2002


Posted 05 May 2008 - 12:04 PM

Hi,
I installed Recovery Console, and downloaded ComboFix from the links provided on BleepingComputer. I couldn't figure out how to exit the McAfee. Right-clicking did not give me an exit option. Here's the new log. Thanks.


ComboFix 08-05-01.3 - cs 2008-05-05 8:45:57.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.499 [GMT -4:00]
Running from: C:\Documents and Settings\cs\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\cs\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.spiralfrog.com
.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-04-30 17:49 . 2008-04-30 17:49 <DIR> d-------- C:\Deckard
2008-04-30 17:21 . 2008-04-30 17:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 13:36 . 2008-04-14 13:36 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-11 11:02 . 2008-04-29 17:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 11:02 . 2008-04-11 11:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 17:52 . 2008-04-09 17:52 <DIR> d-------- C:\Program Files\NCH Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 09:54 --------- d-----w C:\Program Files\SpiralFrog
2008-05-05 02:41 47,358 ----a-w C:\Documents and Settings\cs\Application Data\wklnhst.dat
2008-05-04 18:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-04 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-04 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-04 15:48 --------- d-----w C:\Program Files\Dl_cats
2008-04-29 15:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-29 15:28 --------- d-----w C:\Documents and Settings\cs\Application Data\SUPERAntiSpyware.com
2008-04-29 15:26 --------- d-----w C:\Program Files\Dell
2008-04-13 07:40 --------- d-----w C:\Program Files\McAfee
2008-04-09 21:42 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-09 00:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 05:30 137,304 ----a-w C:\Documents and Settings\cs\Application Data\GDIPFONTCACHEV1.DAT
2008-04-02 19:52 --------- d-----w C:\Documents and Settings\cs\Application Data\AdobeUM
2008-03-25 20:05 --------- d-----w C:\Program Files\VideoLAN
2008-03-25 05:26 --------- d-----w C:\Documents and Settings\cs\Application Data\MozillaControl
2008-03-25 05:13 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-03-21 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-21 15:50 26,112 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys
2008-03-21 15:50 --------- d-----w C:\Documents and Settings\cs\Application Data\NCH Swift Sound
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-07 02:08 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-03-07 02:08 --------- d-----w C:\Program Files\Real
2008-03-07 02:08 --------- d-----w C:\Program Files\Common Files\Real
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-03 15:00 250 ----a-w C:\Documents and Settings\cs\bitpim.dat
2007-11-22 19:19 50,688 ----a-w C:\Program Files\ATF-Cleaner.exe
2002-07-26 22:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2007-07-19 22:14 88 --sh--r C:\WINDOWS\system32\52C1C715A2.sys
2007-07-19 22:14 3,558 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-04_18.15.42.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 22:11:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 01:52:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-04 17:07:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-05 12:20:49 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-04 17:07:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-05 12:20:49 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-04 17:07:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-05 12:20:49 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-05 01:52:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 22:24 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 12:10 787696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49 1121280]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-11 15:55 169984]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 11:26 110592]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 06:55 73728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-11 15:44 98304]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-14 16:03 107008]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-09-21 03:22 73728]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-06-01 03:37 196608]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-02-14 15:19 1531904]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [2007-12-18 12:10 163128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 22:24 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-11 15:41:04 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2006-12-25 09:21:33 884838]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"= C:\WINDOWS\system32\bubbj.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTMgfF]
tuvTMgfF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL WIKI.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2007-11-22 12:10 787696 C:\Program Files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-18 03:48]
S3 BKNDIS5;BKNDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\F5D9050\BKNDIS5.SYS [2005-03-02 14:47]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10]
S3 MA8512M;MA8512M;C:\WINDOWS\system32\DRIVERS\MA8512M.sys [2004-09-16 18:11]
S3 MA8512U;MA8512U;C:\WINDOWS\system32\DRIVERS\MA8512U.sys [2004-09-16 18:11]
S3 mamm9000mi00;mamm9000mi00;C:\WINDOWS\system32\Drivers\ma9kmi00.sys [2006-06-07 16:41]
S3 mamm9000mi01;mamm9000mi01;C:\WINDOWS\system32\Drivers\ma9kmi01.sys [2006-06-07 16:41]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2006-09-28 22:41]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 11:04]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 17:02]
S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 05:25:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-04-01 05:00:33 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 08:48:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-05 8:49:37
ComboFix-quarantined-files.txt 2008-05-05 12:49:29
ComboFix2.txt 2008-05-04 22:16:17
ComboFix3.txt 2007-11-28 13:50:37

Pre-Run: 21,363,810,304 bytes free
Post-Run: 21,343,760,384 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

175 --- E O F --- 2008-04-11 07:05:35

#8 SifuMike


Posted 05 May 2008 - 03:29 PM

Hi kingsteve2002,

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

Registry:: 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTMgfF]


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
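One way to confirm from the logs alone that the Registry:: removals in a CFScript took effect is to compare the script against the "Reg Loading Points" section of the run before it and the run after it. The sketch below is an added example, not part of this thread or of ComboFix; the log excerpts are copied and trimmed from the logs posted here, the function names are this example's own, and skipping any script section other than Registry:: is an assumption.

```python
import re

# Excerpts of "Reg Loading Points", copied and trimmed from this thread's logs:
# BEFORE is the 2008-05-05 run, AFTER is the 2008-05-08 run made with the script.
BEFORE = r'''
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 22:24 68856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"= C:\WINDOWS\system32\bubbj.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTMgfF]
tuvTMgfF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL WIKI.DLL
'''
AFTER = r'''
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 22:24 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL WIKI.DLL
'''
# The script text as posted in the reply above.
CFSCRIPT = r'''
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTMgfF]
'''

KEY_RE = re.compile(r'^\[(-?)([^\]]+)\]\s*$')      # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "name"=data

def norm(key):
    """Registry key paths are case-insensitive, so compare them lower-cased."""
    return key.strip().lower()

def parse_loading_points(log_text):
    """Map each [key] block to {value name: data}; a bare line (such as the
    DLL name listed under the Winlogon Notify key) is stored under ''."""
    keys, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            current = None              # a blank line ends the block
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(norm(m.group(2)), {})
        elif current is not None:
            v = VALUE_RE.match(line)
            if v:
                current[v.group(1).lower()] = v.group(2).strip()
            else:
                current[''] = line
    return keys

def parse_cfscript(script_text):
    """Return requested removals as (key, value_name); value_name is None
    when the whole key is deleted with the [-KEY] form."""
    targets, current, in_registry = [], None, False
    for line in script_text.splitlines():
        line = line.strip()
        if line.endswith('::'):         # section header; only Registry:: is read
            in_registry, current = (line.lower() == 'registry::'), None
            continue
        if not in_registry or not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = norm(m.group(2))
            if m.group(1):
                targets.append((key, None))
                current = None
            else:
                current = key
            continue
        v = VALUE_RE.match(line)
        if v and current and v.group(2).strip() == '-':   # "name"=- deletes a value
            targets.append((current, v.group(1).lower()))
    return targets

def still_present(targets, loading_points):
    """Targets that a parsed log still lists."""
    return [(k, n) for k, n in targets
            if k in loading_points and (n is None or n in loading_points[k])]

def verify(script_text, before_log, after_log):
    targets = parse_cfscript(script_text)
    seen = still_present(targets, parse_loading_points(before_log))
    return {
        "targets": targets,
        # A target the earlier log never listed (for example a typo in the
        # script) proves nothing by being absent from the later log.
        "not_in_before": [t for t in targets if t not in seen],
        "remaining": still_present(targets, parse_loading_points(after_log)),
    }

if __name__ == "__main__":
    for name, items in verify(CFSCRIPT, BEFORE, AFTER).items():
        print(name, items)
```

An empty "remaining" list only shows that the loading points are gone from the log; it says nothing about the DLL files themselves.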

#9 kingsteve2002


Posted 08 May 2008 - 11:15 PM

Sorry for the delay. Here are the new logs. Thanks.

ComboFix 08-05-08.1 - cs 2008-05-08 23:48:44.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.563 [GMT -4:00]
Running from: C:\Documents and Settings\cs\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\cs\Desktop\cfscript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.spiralfrog.com
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-08 22:53 . 2008-05-08 22:53 <DIR> d-------- C:\Program Files\FreeUndelete
2008-05-05 13:48 . 2008-05-05 13:48 1,157 --a------ C:\WINDOWS\mozver.dat
2008-04-30 17:49 . 2008-04-30 17:49 <DIR> d-------- C:\Deckard
2008-04-30 17:21 . 2008-04-30 17:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 13:36 . 2008-04-14 13:36 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-11 11:02 . 2008-05-08 11:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 11:02 . 2008-04-11 11:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 17:52 . 2008-04-09 17:52 <DIR> d-------- C:\Program Files\NCH Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 03:47 --------- d-----w C:\Program Files\SpiralFrog
2008-05-09 01:48 47,396 ----a-w C:\Documents and Settings\cs\Application Data\wklnhst.dat
2008-05-04 18:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-04 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-04 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-04 15:48 --------- d-----w C:\Program Files\Dl_cats
2008-04-29 15:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-29 15:28 --------- d-----w C:\Documents and Settings\cs\Application Data\SUPERAntiSpyware.com
2008-04-29 15:26 --------- d-----w C:\Program Files\Dell
2008-04-13 07:40 --------- d-----w C:\Program Files\McAfee
2008-04-09 21:42 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-09 00:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 05:30 137,304 ----a-w C:\Documents and Settings\cs\Application Data\GDIPFONTCACHEV1.DAT
2008-04-02 19:52 --------- d-----w C:\Documents and Settings\cs\Application Data\AdobeUM
2008-03-25 20:05 --------- d-----w C:\Program Files\VideoLAN
2008-03-25 05:26 --------- d-----w C:\Documents and Settings\cs\Application Data\MozillaControl
2008-03-25 05:13 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-03-21 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-21 15:50 26,112 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys
2008-03-21 15:50 --------- d-----w C:\Documents and Settings\cs\Application Data\NCH Swift Sound
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-03 15:00 250 ----a-w C:\Documents and Settings\cs\bitpim.dat
2007-11-22 19:19 50,688 ----a-w C:\Program Files\ATF-Cleaner.exe
2002-07-26 22:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2007-07-19 22:14 88 --sh--r C:\WINDOWS\system32\52C1C715A2.sys
2007-07-19 22:14 3,558 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-04_18.15.42.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 22:11:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 03:45:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-04 17:07:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-09 03:09:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-04 17:07:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-09 03:09:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-04 17:07:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 03:09:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 03:45:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_88.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 22:24 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 12:10 787696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49 1121280]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-11 15:55 169984]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 11:26 110592]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 06:55 73728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-11 15:44 98304]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-14 16:03 107008]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-09-21 03:22 73728]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-06-01 03:37 196608]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-02-14 15:19 1531904]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [2007-12-18 12:10 163128]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2005-09-26 20:34 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 22:24 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-11 15:41:04 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2006-12-25 09:21:33 884838]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL WIKI.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2007-11-22 12:10 787696 C:\Program Files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R3 BKNDIS5;BKNDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\F5D9050\BKNDIS5.SYS [2005-03-02 14:47]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-18 03:48]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10]
S3 MA8512M;MA8512M;C:\WINDOWS\system32\DRIVERS\MA8512M.sys [2004-09-16 18:11]
S3 MA8512U;MA8512U;C:\WINDOWS\system32\DRIVERS\MA8512U.sys [2004-09-16 18:11]
S3 mamm9000mi00;mamm9000mi00;C:\WINDOWS\system32\Drivers\ma9kmi00.sys [2006-06-07 16:41]
S3 mamm9000mi01;mamm9000mi01;C:\WINDOWS\system32\Drivers\ma9kmi01.sys [2006-06-07 16:41]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2006-09-28 22:41]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 11:04]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 17:02]
S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - BKNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 05:25:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-04-01 05:00:33 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 23:51:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-08 23:52:57
ComboFix-quarantined-files.txt 2008-05-09 03:52:44
ComboFix2.txt 2008-05-05 12:49:38
ComboFix3.txt 2008-05-04 22:16:17
ComboFix4.txt 2007-11-28 13:50:37

Pre-Run: 21,222,100,992 bytes free
Post-Run: 21,204,414,464 bytes free

174 --- E O F --- 2008-04-11 07:05:35



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:22 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick.php?C...Field2=-74.2119
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169511371\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL WIKI.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10106 bytes

#10 SifuMike

SifuMike

    malware expert



Posted 08 May 2008 - 11:36 PM

Hi kingsteve2002,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Sun Java Runtime Environment 6 Update 6.
  • Scroll down to where it says "Sun Java Runtime Environment 6 Update 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
*******************************************

Download CCleaner and install it. (default location is best). Do not run it yet!

Beginners Guide to CCleaner

*******************************************

Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix checked"

O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues or Registry button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Autocomplete Form History.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section except for Start Menu Shortcuts and Desktop Shortcuts.
Clean any others that you choose.

In the Applications Tab:
Clean all including cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Reboot your computer, post a new HijackThis log, and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored, so if you need help, post your problem in the forum.
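
The two findings the reply above acts on, the old JRE and the O3 entry with no file behind it, can be pulled out of a HijackThis log mechanically. This is an added example, not part of the original post or of HijackThis; the function names and the mapping of "6 Update 6" to build 1.6.0_06 are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# "<section> - <detail>", e.g. "O3 - Toolbar: ..." or "R1 - HKLM\..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# JRE install directory inside a path: \jre1.6.0_03\ or \j2re1.4.2_05\
JRE_RE = re.compile(r"\\j2?re(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

# Assumption: "6 Update 6", the version the reply recommends, is build 1.6.0_06.
MIN_JRE = (1, 6, 0, 6)


def parse_entries(log):
    """Return (section, detail) pairs for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_entries(log):
    """Entries whose target is reported as '(no file)'."""
    return [(s, d) for s, d in parse_entries(log) if d.endswith("(no file)")]


def jre_versions(log):
    """Distinct JRE versions referenced by entry paths, sorted ascending."""
    found = set()
    for _, detail in parse_entries(log):
        for m in JRE_RE.finditer(detail):
            major, minor, patch, update = m.groups()
            found.add((int(major), int(minor), int(patch), int(update or 0)))
    return sorted(found)


def outdated_jres(log, minimum=MIN_JRE):
    """JRE versions in the log that are older than the minimum build."""
    return [v for v in jre_versions(log) if v < minimum]


if __name__ == "__main__":
    for section, detail in orphaned_entries(SAMPLE_LOG):
        print("orphaned:", section, detail)
    for version in outdated_jres(SAMPLE_LOG):
        print("outdated JRE: %d.%d.%d_%02d" % version)
```
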

#11 SifuMike


Posted 15 May 2008 - 04:20 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



