Trojan Downloader And Browser Hijacker, Need Help Removing


  • This topic is locked
8 replies to this topic

#1 jmto2241

Posted 04 July 2008 - 10:07 AM

I downloaded a program using UTorrent (stupid). I understood the risks and have never had a problem... until now (sooo stupid). I first used AVG and found/quarantined several Trojans. AVG wouldn't let me export or copy/paste the results so screenshot is attached as .BMP. Then I ran the other programs as the directions indicated. Thanks for any help! Here are the logs for HijackThis, Deckard, Kaspersky and AVG results as well. Also, upon startup an error displays saying: Error loading Windows\System32\efcYDkkj.dll. I have found this file in the AVG Virus vault as seen in the attached .BMP.


AVG Scan:

See Attached BMP file



Kaspersky Scan Results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 3, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 04, 2008 01:53:43
Records in database: 911773
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 100452
Threat name: 3
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 03:05:51


File name / Threat name / Threats count
dwm.exe\lsictenl.dll/dwm.exe\lsictenl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yeb 1
explorer.exe\lsictenl.dll/explorer.exe\lsictenl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yeb 1
MSASCui.exe\lsictenl.dll/MSASCui.exe\lsictenl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yeb 1
rundll32.exe\lsictenl.dll/rundll32.exe\lsictenl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yeb 1
ehtray.exe\lsictenl.dll/ehtray.exe\lsictenl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yeb 1
wmpnscfg.exe\lsictenl.dll/wmpnscfg.exe\lsictenl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yeb 1
ehmsas.exe\lsictenl.dll/ehmsas.exe\lsictenl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yeb 1
iexplore.exe\lsictenl.dll/iexplore.exe\lsictenl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yeb 1
C:\Program Files\PCHealthCenter\0.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.z 1
C:\Program Files\PCHealthCenter\3.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.x 1
C:\Windows\SysAFB7.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.x 1

The selected area was scanned.



Deckard Results:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2080 @ 1.73GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 2045.56 MiB / 982.98 MiB
Pagefile Memory (total/avail): 4308.93 MiB / 3048.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.31 MiB

C: is Fixed (NTFS) - 225.95 GiB total, 159.6 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MemoryStick0 Device

\\.\PHYSICALDRIVE2 - SD1 Device

\\.\PHYSICALDRIVE0 - ST3250820AS ATA Device - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 6.93 GiB
\PARTITION1 (bootable) - Installable File System - 225.95 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Spy Sweeper v5.3.2.2361 (Webroot Software Inc) Outdated
AS: Norton Internet Security v2007 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Gina and Justin\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GINAANDJUSTI-PC
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Gina and Justin
LOCALAPPDATA=C:\Users\Gina and Justin\AppData\Local
LOGONSERVER=\\GINAANDJUSTI-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\GINAAN~1\AppData\Local\Temp
TMP=C:\Users\GINAAN~1\AppData\Local\Temp
USERDOMAIN=GinaandJusti-PC
USERNAME=Gina and Justin
USERPROFILE=C:\Users\Gina and Justin
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Gina and Justin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> Dummy
--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOL Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04A6FA31-F1A6-426E-9DB4-276FD7FEB91B}\setup.exe" -l0x9 -removeonly
AOL Toolbar 4.0 --> "C:\Program Files\AOL\AOL Toolbar 4.0\uninstall.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AppMon Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C44C027-7B9F-46F1-8FD8-5767403A7CA5}\SETUP.exe" -l0x9 -removeonly
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Be-Intouch 6.1.0.27 --> "C:\Program Files\Be-Intouch\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Click to DVD 2.0.05 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.6.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Corel Snapfire --> MsiExec.exe /I{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DSD Direct --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}\setup.exe" -l0x9 -removeonly
DSD Playback Plug-in --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{009E7FB7-1775-4D89-8956-F5C9A1C019FC}\setup.exe" -l0x9 -removeonly
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
GradeQuick --> C:\Windows\uninst.exe -fC:\GQWIN\DeIsL1.isu -cC:\GQWIN\_ISREG32.DLL
Grouper Screen Saver 1.0 --> "C:\Program Files\Grouper Networks\Grouper Screen Saver\unins000.exe"
HDAUDIO SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\HXFSETUP.EXE -U -ISnSZIRXz.inf
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Image Converter 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFB6AFBA-88B1-48A7-AF52-BA59BA5F183B}\setup.exe" -l0x9 /CONPANE -removeonly
Interbank FX Trader 4.00 --> "C:\Program Files\Interbank FX Trader 4\Uninstall.exe" "C:\Program Files\Interbank FX Trader 4\install.log"
Internet Explorer Zoom Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCC2C6AD-BCFA-4E93-9119-2F363E85BACB}\SETUP.exe" -l0x9 -removeonly
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Lame ACM MP3 Codec --> C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
Lexmark Z700-P700 Series --> C:\Program Files\Lexmark Z700-P700 Series\Install\x86\Uninst.exe
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
LocationFree Player --> MsiExec.exe /I{D937DD80-3928-4617-876F-538A25AECB17}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motion Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6727074-BF89-4A3E-A5F7-CB36C521E674}\Setup.exe" -l0x9 CTRL_PANEL
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenMG Limited Patch 4.7-07-13-24-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-13-24-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PixiePack Codec Pack --> MsiExec.exe /I{582610B8-E496-4813-993C-4B027173FE38}
QuickBooks Product Listing Service --> MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
QuickBooks Simple Start Free Starter Edition --> msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Free Starter Edition" ADDREMOVE=1 OEMVENDOR=SONY
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Roxio Easy Media Creator Home --> MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Setting Utility Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Simple Start Entice --> MsiExec.exe /I{337CBC16-F6F3-411A-9A3F-DB21C57BFDFD}
SonicStage 4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SonicStage Mastering Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio Audio Filter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio Audio Filter Custom Preset --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\SETUP.exe" -l0x9 -removeonly
SonicStage Mastering Studio Plugins --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x9 -removeonly
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\SETUP.exe" -l0x9 -removeonly
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\SETUP.exe" -l0x9 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spiderman 3 XXXX --> C:\Windows\system32\Spiderman 3.scr /u
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tunebite --> MsiExec.exe /I{920C3228-F3F5-4A9B-A5BD-1D9AE41A9EDA}
VAIO Action Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}\SETUP.exe" -l0x9 -removeonly
VAIO Azure Float Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0312BD0D-A1FE-4E1A-9208-D436F566D867}\SETUP.exe" -l0x9 -removeonly
VAIO Camera Capture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}\SETUP.exe" -l0x9 -removeonly
VAIO Camera Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1417F599-1DBD-4499-9375-B2813E9F890C}\SETUP.exe" -l0x9 -removeonly
VAIO Center Access Bar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C299F969-AE3D-4679-ADF5-682A186CE62E}\SETUP.exe" -l0x9 -removeonly
VAIO Central --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E993095-28F2-4060-9101-99C1FD1195C0}\SETUP.exe" -l0x9 -removeonly
VAIO Entertainment Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E74F7423-77CB-4F6A-A44D-604E1010FE50}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\SETUP.exe" -l0x9 -removeonly
VAIO Event Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\SETUP.exe" -l0x9 -removeonly
VAIO Floral Dusk Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B59B3DA8-06F8-4B4C-AE94-5180753EF108}\SETUP.exe" -l0x9 -removeonly
VAIO Help And Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D716354-2C08-48DC-9AC5-957348048817}\SETUP.exe" -l0x9 -removeonly
VAIO Media 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Content Collection 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Integrated Server 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Registration Tool 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO OOBE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B500D37-E7CF-480B-8054-8A563594EC4E}\SETUP.exe" -l0x9 -removeonly
VAIO Photo 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}\SETUP.exe" -l0x9 -removeonly
VAIO Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BABC878D-BB64-4688-9A88-1D9E88F339A9}\setup.exe" -l0x9 -removeonly
VAIO Security Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}\setup.exe" -l0x9 -removeonly
VAIO Service Utility --> C:\Program Files\Sony\VAIO Service Utility\uninstall.exe
VAIO Survey --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34B37A74-125E-4406-87BA-E4BD3D097AE5}\setup.exe" -l0x9 -removeonly
VAIO Teal Whisper Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{235915A8-1C0D-4920-95EA-FE8B773E5F57}\SETUP.exe" -l0x9 -removeonly
VAIO Update 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\SETUP.exe" -l0x9 -removeonly
VAIO Video & Photo Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe" -l0x9 -removeonly
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinDVD for VAIO --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409


-- Application Event Log -------------------------------------------------------

Event Record #/Type19434 / Error
Event Submitted/Written: 07/03/2008 10:03:58 PM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6e6f385f-c990-4347-b386-0719bade9542}

Event Record #/Type19433 / Error
Event Submitted/Written: 07/03/2008 09:52:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01310ef1,
process id 0x12fc, application start time 0xrundll32.exe0.

Event Record #/Type19420 / Error
Event Submitted/Written: 07/03/2008 08:09:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ccApp.exe, version 106.2.0.21, time stamp 0x45a467ef, faulting module NSCWSCR2.DLL, version 2007.4.0.2, time stamp 0x468eb2ed, exception code 0xc0000005, fault offset 0x0001ca18,
process id 0xc64, application start time 0xccApp.exe0.

Event Record #/Type19409 / Success
Event Submitted/Written: 07/03/2008 08:08:16 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type19403 / Success
Event Submitted/Written: 07/03/2008 08:08:10 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type53358 / Warning
Event Submitted/Written: 07/03/2008 11:43:30 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GinaandJusti-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GinaandJusti-PC27 can't undo changes that you allow.

For more information please see the following:
%GinaandJusti-PC275

Scan ID: {424107B1-DE4A-4C2C-BDC2-A179F36E6D7D}

User: GinaandJusti-PC\Gina and Justin

Name: %GinaandJusti-PC271

ID: %GinaandJusti-PC272

Severity ID: %GinaandJusti-PC273

Category ID: %GinaandJusti-PC274

Path Found: %GinaandJusti-PC276

Alert Type: %GinaandJusti-PC278

Detection Type: 1.1.1505.02

Event Record #/Type53357 / Warning
Event Submitted/Written: 07/03/2008 11:43:25 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GinaandJusti-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GinaandJusti-PC27 can't undo changes that you allow.

For more information please see the following:
%GinaandJusti-PC275

Scan ID: {EA3B8CC2-7A52-47A0-B9E1-1D450BB4695E}

User: GinaandJusti-PC\Gina and Justin

Name: %GinaandJusti-PC271

ID: %GinaandJusti-PC272

Severity ID: %GinaandJusti-PC273

Category ID: %GinaandJusti-PC274

Path Found: %GinaandJusti-PC276

Alert Type: %GinaandJusti-PC278

Detection Type: 1.1.1505.02

Event Record #/Type53356 / Warning
Event Submitted/Written: 07/03/2008 11:43:23 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GinaandJusti-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GinaandJusti-PC27 can't undo changes that you allow.

For more information please see the following:
%GinaandJusti-PC275

Scan ID: {2582CEFB-5824-4CBA-BA13-8A88CBB6C1C7}

User: GinaandJusti-PC\Gina and Justin

Name: %GinaandJusti-PC271

ID: %GinaandJusti-PC272

Severity ID: %GinaandJusti-PC273

Category ID: %GinaandJusti-PC274

Path Found: %GinaandJusti-PC276

Alert Type: %GinaandJusti-PC278

Detection Type: 1.1.1505.02

Event Record #/Type53330 / Error
Event Submitted/Written: 07/03/2008 09:44:33 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
SigmaTel Audio Service1

Event Record #/Type53328 / Success
Event Submitted/Written: 07/03/2008 09:43:26 PM
Event ID/Source: 10111 / Microsoft-Windows-DriverFrameworks-UserMode
Event Description:
{A8D40706-5A1E-4A03-BE37-35FA26628449}Microsoft WPD FileSystem Volume Driver(unknown)WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#MEMORYSTICKDEVICE0#5&80D1681&0&002#5



-- End of Deckard's System Scanner: finished at 2008-07-03 23:44:42 ------------





HijackThis Results:


Deckard's System Scanner v20071014.68
Run by Gina and Justin on 2008-07-04 09:37:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gina and Justin.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:33 AM, on 7/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Windows\System32\mpxu.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Users\Gina and Justin\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GINAAN~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4E3E60F5-F691-475F-AFBA-CF9FCAB47C15} - C:\Windows\system32\efcYSkkj.dll (file missing)
O2 - BHO: (no name) - {774DF954-FF40-4A10-8D43-7E5A696D1B23} - C:\Windows\system32\geBrrOEV.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: QXK Olive - {EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD} - C:\Windows\kgqfweltgbn.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {DFD3C411-B6E4-49E6-A4D9-88F45FE2556D} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ca947a70] rundll32.exe "C:\Windows\system32\lsictenl.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\efcYSkkj.dll,#1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10903 bytes

-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-03 21:07:26 0 d-------- C:\Windows\system32\778670
2008-07-03 18:39:19 0 d-------- C:\Program Files\Trend Micro
2008-07-03 18:17:49 0 d--h----- C:\$AVG8.VAULT$
2008-07-03 15:27:26 0 d-------- C:\Windows\system32\drivers\Avg
2008-07-03 15:26:56 0 d-------- C:\Program Files\AVG
2008-07-03 15:26:54 0 d-------- C:\Users\All Users\avg8
2008-07-03 15:15:56 91520 --a------ C:\Windows\system32\lsictenl.dll
2008-07-03 15:12:22 231601 --ahs---- C:\Windows\system32\VEOrrBeg.ini2
2008-07-03 15:12:18 318720 --a------ C:\Windows\system32\geBrrOEV.dll
2008-07-03 15:03:21 352256 --a------ C:\Windows\kgqfweltgbn.dll
2008-07-03 15:02:20 0 d-------- C:\Program Files\VAV
2008-07-03 15:02:13 30208 --a------ C:\Windows\SysAFB7.exe
2008-07-03 15:02:02 0 d-------- C:\Program Files\PCHealthCenter
2008-07-02 18:26:52 345 --ahs---- C:\Windows\system32\QrtAGNnn.ini2
2008-06-29 14:51:02 58594 --a------ C:\Windows\system32\mpx.exe
2008-06-29 00:33:18 18944 --a------ C:\Windows\system32\mpxu.exe
2008-06-23 17:25:28 0 d-------- C:\perflogs


-- Find3M Report ---------------------------------------------------------------

2008-07-03 15:20:37 0 d-------- C:\Users\Gina and Justin\AppData\Roaming\Vso
2008-07-03 15:20:37 33 --a------ C:\Users\Gina and Justin\AppData\Roaming\pcouffin.log
2008-07-03 15:20:35 7887 --a------ C:\Users\Gina and Justin\AppData\Roaming\pcouffin.cat
2008-07-02 18:45:04 0 d-------- C:\Users\Gina and Justin\AppData\Roaming\uTorrent
2008-07-02 18:16:20 0 d-------- C:\Program Files\DVDFab Platinum 3
2008-06-09 20:43:39 0 d-------- C:\Users\Gina and Justin\AppData\Roaming\tunebite
2008-04-05 09:12:00 34308 --a------ C:\Windows\system32\Chip.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E3E60F5-F691-475F-AFBA-CF9FCAB47C15}]
C:\Windows\system32\efcYSkkj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{774DF954-FF40-4A10-8D43-7E5A696D1B23}]
07/03/2008 03:12 PM 318720 --a------ C:\Windows\system32\geBrrOEV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}]
07/03/2008 12:45 PM 352256 --a------ C:\Windows\kgqfweltgbn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/02/2006 07:34 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" []
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" []
"Persistence"="C:\Windows\system32\igfxpers.exe" []
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [02/02/2007 02:03 PM]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [03/01/2007 05:59 PM]
"NvCplDaemon"="RUNDLL32.exe" [11/02/2006 04:45 AM C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [11/02/2006 04:45 AM C:\Windows\System32\rundll32.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]
"ca947a70"="C:\Windows\system32\lsictenl.dll" [07/03/2008 03:15 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 10:03 PM]
"MSServer"="C:\Windows\system32\efcYSkkj.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:36 AM]
"mpx"="c:\WINDOWS\system32\mpx.exe" [06/29/2008 02:51 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [3/13/2007 1:42:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4E3E60F5-F691-475F-AFBA-CF9FCAB47C15}"= C:\Windows\system32\efcYSkkj.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 02/13/2007 05:19 PM 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\geBrrOEV

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
"C:\Program Files\Napster\napster.exe" /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
"C:\Program Files\Intuit\SimpleStartEntice\entice.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
"c:\program files\sony\VAIO Center Access Bar\VCAB.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
"C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
"C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
"rundll32.exe" oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{135f4276-fc51-11dc-9f31-0013a9f737e6}]
AutoRun\command- G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c474431b-9bb3-11dc-9e3a-0013a9f737e6}]
AutoRun\command- I:\setupSNK.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-04 09:39:39 ------------


Edited by jmto2241, 04 July 2008 - 10:11 AM.




#2 Thunder


Posted 05 July 2008 - 04:41 PM

Hello Jmto2241 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 jmto2241


Posted 06 July 2008 - 11:29 AM

Thank You Thunder! The fix worked without any problems. Now I'm running sfc.exe /scannow to be sure all the integrity of win vista is intact. Do you have any other suggestions that may be useful in returning my OS to "like new" condition?

#4 Thunder


Posted 06 July 2008 - 01:49 PM

Hello Jmto2241,

Yes, my first suggestion would be to post the logs I asked for,
so I can check if any malware is still present. :thumbsup:

Greetings,
Thunder

#5 jmto2241


Posted 06 July 2008 - 05:39 PM

Ah, good point. Must've been too excited about functionality being restored and forgot to post results. Anyway, here they are:


Malwarebytes' Anti-Malware 1.19

Malwarebytes' Anti-Malware 1.19
Database version: 921
Windows 6.0.6000

2:56:37 PM 7/4/2008
mbam-log-7-4-2008 (14-56-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 22268
Time elapsed: 14 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\geBrrOEV.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a06fbba2-6873-44ea-8a3f-fe8872b97a01} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a06fbba2-6873-44ea-8a3f-fe8872b97a01} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50365571-a7c7-47b3-854d-f45fdfc6687e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aaaac6f5-a653-4b2a-9c02-8ebd19366183} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{da6ebdce-4207-455c-b9db-c3fa5e440c20} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec77eafc-62d0-42b4-b2fb-64d6b18c5bdd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec77eafc-62d0-42b4-b2fb-64d6b18c5bdd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e3e60f5-f691-475f-afba-cf9fcab47c15} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e3e60f5-f691-475f-afba-cf9fcab47c15} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4e3e60f5-f691-475f-afba-cf9fcab47c15} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrroev -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrroev -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\geBrrOEV.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\VEOrrBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\VEOrrBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\kgqfweltgbn.dll (Trojan.FakeAlert) -> Delete on reboot.





HijackThis v2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:58 PM, on 7/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Windows\System32\mpxu.exe
C:\Users\Gina and Justin\Desktop\Trading\Optimize\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {DFD3C411-B6E4-49E6-A4D9-88F45FE2556D} - (no file)
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9856 bytes




Combo Fix


ComboFix 08-07-04.1 - Gina and Justin 2008-07-04 15:39:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1261 [GMT -5:00]
Running from: C:\Users\Gina and Justin\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\Users\Gina and Justin\AppData\Roaming\inst.exe
C:\Windows\System32\778670
C:\Windows\System32\778670\778670.dll
C:\Windows\system32\geBrrOEV.dll
C:\Windows\system32\lnetcisl.ini
C:\Windows\System32\QrtAGNnn.ini
C:\Windows\System32\QrtAGNnn.ini2
C:\Windows\system32\sex1.ico
C:\Windows\system32\sex2.ico
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 19:56 352,256 ------w C:\Windows\kgqfweltgbn.dll
2008-07-04 19:41 --------- d-----w C:\Users\Gina and Justin\AppData\Roaming\Malwarebytes
2008-07-04 19:41 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 19:40 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-04 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 15:48 --------- d-----w C:\Users\Gina and Justin\AppData\Roaming\InstallShield
2008-07-04 03:03 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
2008-07-04 03:02 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-07-03 23:39 --------- d-----w C:\Program Files\Trend Micro
2008-07-03 20:32 --------- d-----w C:\ProgramData\avg8
2008-07-03 20:26 --------- d-----w C:\Program Files\AVG
2008-07-03 20:20 47,360 ----a-w C:\Users\Gina and Justin\AppData\Roaming\pcouffin.sys
2008-07-03 20:20 --------- d-----w C:\Users\Gina and Justin\AppData\Roaming\Vso
2008-07-02 23:45 --------- d-----w C:\Users\Gina and Justin\AppData\Roaming\uTorrent
2008-07-02 23:16 87,608 ----a-w C:\Users\Gina and Justin\AppData\Roaming\ezpinst.exe
2008-07-02 23:16 --------- d-----w C:\Program Files\DVDFab Platinum 3
2008-07-02 02:31 --------- d-----w C:\ProgramData\DVD Shrink
2008-06-28 19:16 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-28 19:16 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-10 01:43 --------- d-----w C:\Users\Gina and Justin\AppData\Roaming\tunebite
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-30 21:04 880 ----a-w C:\Program Files\uDigestV2.vib
2008-03-30 21:04 8,186 ----a-w C:\Program Files\sys32init.clx
2008-03-30 21:04 8,186 ----a-w C:\Program Files\clogo2.bmp
2008-03-30 21:04 400 ----a-w C:\Program Files\uDigestV1.via
2008-03-30 21:04 3,760 ----a-w C:\Program Files\uDigestV4.vid
2008-03-30 21:04 21,538 ----a-w C:\Program Files\dll32sys.clx
2008-03-30 21:04 21,538 ----a-w C:\Program Files\clogo1.bmp
2008-03-30 21:04 160 ----a-w C:\Program Files\i32verx.dll
2008-03-30 21:04 1,840 ----a-w C:\Program Files\uDigestV3.vic
2007-11-21 22:32 1,132,112 ----a-w C:\Users\All Users\pswi_preloaded.exe
2007-11-21 22:32 1,132,112 ----a-w C:\ProgramData\pswi_preloaded.exe
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"mpx"="c:\WINDOWS\system32\mpx.exe" [2008-06-29 14:51 58594]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2007-02-02 14:03 415864]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [2007-03-01 17:59 2322432]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-08 07:22 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-08 07:22 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 22:03 1232152]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2007-03-13 13:42:45 448632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 17:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
--a------ 2007-01-31 00:59 371712 C:\Program Files\Intuit\SimpleStartEntice\entice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-03-06 17:22 36864 c:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
--a------ 2007-02-07 21:43 411768 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2006-12-06 20:08 577536 C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 07:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BC55E9A7-838D-497F-9ED9-F72FBF9210F8}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{999490A7-6F93-4B4B-AA8E-01406F628B67}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{47EFF052-D88B-44F1-8F45-8B227EC4ADDD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2B9D25AC-6DA2-44EC-860C-3372F99F4AE1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BAF173E8-2498-40AA-BEB9-7D39FCDA7E78}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{EB725C22-08CA-4359-A389-CB1AB0284429}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{F138C585-0658-43B4-95AD-0E1778CC6937}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{64730062-397E-48A5-841C-492045DA8617}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{5A36C8EC-6669-40A3-8CB8-5E10BD0F8FE8}"= UDP:C:\Windows\System32\lxblcoms.exe:Lexmark Communications System
"{6A3C12BC-71CD-4B7C-A959-4015A9873BF1}"= TCP:C:\Windows\System32\lxblcoms.exe:Lexmark Communications System
"{5410818B-34FE-4011-8013-844914092F7F}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxblpswx.exe:Printer Status Window
"{E2A54481-E7C1-4717-9D60-7CBFB057A140}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxblpswx.exe:Printer Status Window
"{742075FC-A754-4CE9-9949-321CB4549938}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6FF4026A-87DF-481E-A695-FEA2D9555962}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C9F5268C-6BC0-444B-8AFC-7A9E03BD5918}"= UDP:C:\Users\Gina and Justin\Desktop\Trading\Optimize\utorrent.exe:µTorrent
"{0EEC38B8-18EE-48EA-A24C-D26CA28B2797}"= TCP:C:\Users\Gina and Justin\Desktop\Trading\Optimize\utorrent.exe:µTorrent
"{B8E4C276-60D8-482F-8C1F-C4B815753671}"= UDP:C:\Users\Gina and Justin\Desktop\Trading\Optimize\utorrent.exe:µTorrent
"{C6F7A2C7-DF66-453D-A929-A3C39DF96BE3}"= TCP:C:\Users\Gina and Justin\Desktop\Trading\Optimize\utorrent.exe:µTorrent
"{633D9713-27ED-41EA-99D9-EFB7D9328D91}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{3D47E86D-2E84-4EEC-A837-349DD952A54D}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{476338AD-043D-4FCF-9F59-56FE86CE9794}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6ED161A7-DA37-463C-932A-A9D09EB7231B}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{52CA5884-5215-49CC-9A28-BE13D5AE5203}"= Disabled:UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7257F0BD-662C-41C2-BF7C-D351D86F1372}"= Disabled:TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C43E8FFD-9628-4DD2-9B5F-875F9E120DA7}"= Disabled:UDP:C:\Windows\System32\mpxu.exe:mpxu
"{02590F4D-F28A-431C-BA15-E84C3E968996}"= Disabled:TCP:C:\Windows\System32\mpxu.exe:mpxu
"{490E5182-F3F9-4A97-862D-ABA011293672}"= Disabled:UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{5333B407-41C4-44F2-A65B-611D11D153D7}"= Disabled:TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-03 22:02]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080116.003\IDSvix86.sys [2007-11-06 18:28]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-03 22:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{135f4276-fc51-11dc-9f31-0013a9f737e6}]
\shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c474431b-9bb3-11dc-9e3a-0013a9f737e6}]
\shell\AutoRun\command - I:\setupSNK.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 01:02:42 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Gina and Justin.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D} - (no file)
HKLM-Run-IgfxTray - C:\Windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - C:\Windows\system32\hkcmd.exe
HKLM-Run-Persistence - C:\Windows\system32\igfxpers.exe
MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
MSConfigStartUp-NapsterShell - C:\Program Files\Napster\napster.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 15:46:57
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-07-04-0946.kc 149444 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mpxu.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\lxblcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\STACSV.EXE
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-07-04 15:54:35 - machine was rebooted [Gina and Justin]
ComboFix-quarantined-files.txt 2008-07-04 20:52:39

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 162,114,846,720 bytes free

240 --- E O F --- 2008-07-02 22:16:32



#6 Thunder

Posted 07 July 2008 - 03:55 AM

Hello Jmto2241,

Looking much better :thumbsup:

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
Collect::[9]
C:\Windows\kgqfweltgbn.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000000
"InternetSettingsDisableNotify"=dword:00000000
"AutoUpdateDisableNotify"=dword:00000000

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

When CF finishes running, the ComboFix log will open along with a message box, --do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open.
Simply follow the instructions to copy/paste/send the requested file [9]-Submit_Date_Time.zip.

Are you still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
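
Added example, not part of the original post and not ComboFix's own code: a Python sketch that reads the registry values quoted in the ComboFix log above, flags the ones that switch a protection off, and shows which of those findings the Registry:: block of the CFScript resets. The sample text is copied from this thread; the function names and the rule list are assumptions made for the illustration, as is treating the Registry:: block as a .reg-style merge.

```python
import re

# Excerpt copied from the ComboFix log posted in this thread (sample input).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C43E8FFD-9628-4DD2-9B5F-875F9E120DA7}"= Disabled:UDP:C:\Windows\System32\mpxu.exe:mpxu
'''

# Registry:: block of the CFScript given in the post above.
CFSCRIPT_REGISTRY = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000000
"InternetSettingsDisableNotify"=dword:00000000
"AutoUpdateDisableNotify"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
DWORD_RE = re.compile(r'^dword:([0-9a-fA-F]{8})$')         # .reg notation
CF_NUM_RE = re.compile(r'^(\d+) \(0x[0-9a-fA-F]+\)$')      # ComboFix "0 (0x0)"


def to_int(data):
    """Decode a numeric value in either notation; None for anything else."""
    m = DWORD_RE.match(data)
    if m:
        return int(m.group(1), 16)
    m = CF_NUM_RE.match(data)
    if m:
        return int(m.group(1))
    return None


def parse_values(text):
    """Return {(key_lowercased, value_name): int or None} from .reg-style text."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()   # registry key paths are case-insensitive
            continue
        m = VAL_RE.match(line)
        if m and key:
            values[(key, m.group(1))] = to_int(m.group(2).strip())
    return values


# Hypothetical rule list: (key/name predicate, value that means "off", meaning).
RULES = [
    (lambda k, n: k.endswith(r'\policies\system') and n == 'EnableLUA',
     0, 'UAC is turned off'),
    (lambda k, n: k.endswith(r'\security center') and n.endswith('DisableNotify'),
     1, 'Security Center alert suppressed'),
    (lambda k, n: r'\security center\monitoring' in k and n == 'DisableMonitoring',
     1, 'Security Center monitoring disabled'),
    (lambda k, n: r'\firewallpolicy' in k and k.endswith('profile')
     and n == 'EnableFirewall',
     0, 'Windows Firewall off for this profile'),
]


def findings(values):
    """List (key, value_name, meaning) for every value matching a rule."""
    out = []
    for (key, name), val in values.items():
        for matches, off_value, meaning in RULES:
            if val == off_value and matches(key, name):
                out.append((key, name, meaning))
    return out


def apply_reg_block(values, reg_text):
    """Model a .reg-style merge: listed values are overwritten, others are kept."""
    merged = dict(values)
    merged.update(parse_values(reg_text))
    return merged


if __name__ == '__main__':
    log = parse_values(SAMPLE_LOG)
    print('Flagged in the log:')
    for key, name, meaning in findings(log):
        print(f'  {name}: {meaning}  [{key}]')
    print('Still flagged after the Registry:: block:')
    for key, name, meaning in findings(apply_reg_block(log, CFSCRIPT_REGISTRY)):
        print(f'  {name}: {meaning}  [{key}]')
```

Values the script does not list are carried over unchanged, so the second listing shows what a follow-up log would still report for those keys.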

#7 jmto2241

Posted 07 July 2008 - 08:31 PM

Before going any further, I want to mention to anyone reading this post what a great job you all have done with no expectations other than me following directions. It is truly appreciated!!!!!

Okay, I'm noticing that Windows Explorer does occasionally hang and display "not responding" usually when more than one is open and a selection to run a program is selected. Never had this problem before.

I ran the ComboFix and everything happened as you said until I tried to send the zip. After clicking send, my internet connection became disabled so I don't know if you did or did not get the file. Here are the logs anyway:

Combo Fix


ComboFix 08-07-04.1 - Gina and Justin 2008-07-07 19:53:30.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1263 [GMT -5:00]
Running from: C:\Users\Gina and Justin\Desktop\AV Stuff\ComboFix.exe
Command switches used :: C:\Users\Gina and Justin\Desktop\AV Stuff\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\kgqfweltgbn.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 02:04 --------- d-----w C:\ProgramData\RapidSolution
2008-07-07 01:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 01:09 --------- d-----w C:\Users\Gina and Justin\AppData\Roaming\uTorrent
2008-07-07 01:09 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-06 21:55 174 --sha-w C:\Program Files\desktop.ini
2008-07-06 21:51 --------- d-----w C:\Program Files\Windows Mail
2008-07-06 21:51 --------- d-----w C:\Program Files\Windows Defender
2008-07-06 21:51 --------- d-----w C:\Program Files\Windows Calendar
2008-07-04 19:41 --------- d-----w C:\Users\Gina and Justin\AppData\Roaming\Malwarebytes
2008-07-04 19:41 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 19:40 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-04 15:48 --------- d-----w C:\Users\Gina and Justin\AppData\Roaming\InstallShield
2008-07-04 03:03 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
2008-07-04 03:02 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-07-04 03:02 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
2008-07-03 23:39 --------- d-----w C:\Program Files\Trend Micro
2008-07-03 20:32 --------- d-----w C:\ProgramData\avg8
2008-07-03 20:26 --------- d-----w C:\Program Files\AVG
2008-07-03 20:20 47,360 ----a-w C:\Users\Gina and Justin\AppData\Roaming\pcouffin.sys
2008-07-03 20:20 --------- d-----w C:\Users\Gina and Justin\AppData\Roaming\Vso
2008-07-02 23:16 87,608 ----a-w C:\Users\Gina and Justin\AppData\Roaming\ezpinst.exe
2008-07-02 23:16 --------- d-----w C:\Program Files\DVDFab Platinum 3
2008-07-02 02:31 --------- d-----w C:\ProgramData\DVD Shrink
2008-06-29 19:51 58,594 ----a-w C:\Windows\System32\mpx.exe
2008-06-29 05:33 18,944 ----a-w C:\Windows\System32\mpxu.exe
2008-06-28 19:16 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-28 19:16 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-10 01:43 --------- d-----w C:\Users\Gina and Justin\AppData\Roaming\tunebite
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-30 21:04 880 ----a-w C:\Program Files\uDigestV2.vib
2008-03-30 21:04 8,186 ----a-w C:\Program Files\sys32init.clx
2008-03-30 21:04 8,186 ----a-w C:\Program Files\clogo2.bmp
2008-03-30 21:04 400 ----a-w C:\Program Files\uDigestV1.via
2008-03-30 21:04 3,760 ----a-w C:\Program Files\uDigestV4.vid
2008-03-30 21:04 21,538 ----a-w C:\Program Files\dll32sys.clx
2008-03-30 21:04 21,538 ----a-w C:\Program Files\clogo1.bmp
2008-03-30 21:04 160 ----a-w C:\Program Files\i32verx.dll
2008-03-30 21:04 1,840 ----a-w C:\Program Files\uDigestV3.vic
2007-11-21 22:32 1,132,112 ----a-w C:\Users\All Users\pswi_preloaded.exe
2007-11-21 22:32 1,132,112 ----a-w C:\ProgramData\pswi_preloaded.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-04_15.51.36.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 09:46:02 2,143,232 ----a-w C:\Windows\AppPatch\AcGenral.dll
+ 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
- 2006-11-02 09:46:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
+ 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
- 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
+ 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
- 2006-11-02 09:46:02 445,952 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
+ 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
- 2006-11-02 09:46:02 172,544 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
+ 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
- 2006-11-02 12:35:33 136,192 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
+ 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
- 2006-11-02 12:35:34 864,256 ----a-w C:\Windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
+ 2008-04-23 04:27:53 864,256 ----a-w C:\Windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
- 2006-11-02 12:35:33 143,360 ----a-w C:\Windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
+ 2008-04-23 04:27:55 135,168 ----a-w C:\Windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
- 2006-11-02 12:35:28 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll
+ 2008-04-23 04:27:56 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll
- 2006-11-02 12:35:29 4,370,432 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
+ 2008-04-23 04:27:59 4,374,528 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
- 2006-11-02 12:35:33 1,196,032 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 04:28:14 1,196,032 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
- 2006-11-02 12:35:30 2,342,912 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:28:14 2,342,912 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
- 2006-11-02 12:35:34 200,704 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2008-04-23 04:28:13 217,088 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2008-07-06 22:02:29 884,736 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e3607e3cb140b69ecc6aefbbb0021304\AspNetMMCExt.ni.dll
+ 2008-07-06 21:59:15 2,469,888 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehepg\3e10833eb7f83e11eec3a970f528ac8d\ehepg.ni.dll
+ 2008-07-06 22:01:16 360,448 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\b5dcaeaa218eb42931b96193b5e4074f\ehepgdat.ni.dll
+ 2008-07-06 22:03:03 45,056 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\c8abe4268ada1cfa408dc4330e37817d\ehExtCOM.ni.dll
+ 2008-07-06 22:00:25 274,432 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\c11ea9504a5e5464b1850f98d3d381f1\ehExtHost.ni.exe
+ 2008-07-06 22:00:28 192,512 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\96751ef49f528415c45537453f9c4d28\ehiExtens.ni.dll
+ 2008-07-06 22:01:11 1,941,504 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\51b3eff44264e4f79d17c953207a7e6b\ehRecObj.ni.dll
+ 2008-07-06 22:01:04 12,963,840 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehshell\368930610e62dcd81dc7ab18a8336131\ehshell.ni.dll
+ 2008-07-06 22:00:35 765,952 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\f50c33f0c4356099d7969e18aeb3f9bf\mcstore.ni.dll
+ 2008-07-06 22:01:18 266,240 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcupdate\2b7d84415dee2bae7b5238a3a14d0add\mcupdate.ni.exe
+ 2008-07-06 22:00:24 6,115,328 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\6871abee28a9ed5eb7a878013664eb52\Microsoft.MediaCenter.UI.ni.dll
+ 2008-07-06 22:00:37 712,704 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ceac290fb6cdaa39fcc449543998fd01\Microsoft.MediaCenter.Sports.ni.dll
+ 2008-07-06 22:00:30 282,624 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\cf87f745aab458d62d1c4f238c46689d\Microsoft.MediaCenter.Shell.ni.dll
+ 2008-07-06 22:00:27 634,880 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\fb91a2c47ac4978a5c9d28cc4cdf6fee\Microsoft.MediaCenter.ni.dll
+ 2008-07-06 22:03:14 1,720,320 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\750dcff9d4b9b92ec4acdc6b4cd313f8\Microsoft.VisualBasic.ni.dll
+ 2008-07-06 22:03:10 5,971,968 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\e159627625bc60fb6e454968d89ab948\MIGUIControls.ni.dll
+ 2008-07-06 22:03:15 135,168 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\8760ddb37b90104d71544afce00fb454\ServiceModelReg.ni.exe
+ 2008-07-06 22:03:02 999,424 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\49a35f8d6b44cfe7c2a12cb873e58a22\System.IdentityModel.ni.dll
+ 2008-07-06 21:59:18 815,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fbca0140921ed343cb511595869a0ed\System.Runtime.Remoting.ni.dll
+ 2008-07-06 22:03:00 17,416,192 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3636f59e63b317ae39d71c248befa5e2\System.ServiceModel.ni.dll
+ 2008-07-06 22:03:20 2,306,048 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0ccdb400998b3055c0b95941d8685348\System.Web.Mobile.ni.dll
+ 2008-07-06 22:00:03 1,941,504 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\37f75b2b7d0b3bb5242403b9c7ffabc7\System.Web.Services.ni.dll
+ 2008-07-06 21:59:57 12,185,600 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c11c5eb32a435c14a33e62b1e150e988\System.Web.ni.dll
- 2008-07-04 20:46:20 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-08 00:13:31 67,584 --s-a-w C:\Windows\bootstat.dat
- 2006-11-02 12:35:32 21,504 ----a-w C:\Windows\ehome\ehdebug.dll
+ 2008-04-23 04:27:00 21,504 ----a-w C:\Windows\ehome\ehdebug.dll
- 2006-11-02 12:35:34 864,256 ----a-w C:\Windows\ehome\ehepg.dll
+ 2008-04-23 04:27:53 864,256 ----a-w C:\Windows\ehome\ehepg.dll
- 2006-11-02 12:35:33 143,360 ----a-w C:\Windows\ehome\ehexthost.exe
+ 2008-04-23 04:27:55 135,168 ----a-w C:\Windows\ehome\ehexthost.exe
- 2006-11-02 12:35:32 372,224 ----a-w C:\Windows\ehome\ehglid.dll
+ 2008-04-23 04:27:00 372,224 ----a-w C:\Windows\ehome\ehglid.dll
- 2006-11-02 12:35:28 77,824 ----a-w C:\Windows\ehome\ehiExtens.dll
+ 2008-04-23 04:27:56 77,824 ----a-w C:\Windows\ehome\ehiExtens.dll
- 2006-11-02 12:35:30 103,936 ----a-w C:\Windows\ehome\ehPresenter.dll
+ 2008-04-23 04:27:00 105,472 ----a-w C:\Windows\ehome\ehPresenter.dll
- 2006-11-02 12:35:33 249,344 ----a-w C:\Windows\ehome\ehReplay.dll
+ 2008-04-23 04:27:00 252,416 ----a-w C:\Windows\ehome\ehReplay.dll
- 2006-11-02 12:35:29 10,093,568 ----a-w C:\Windows\ehome\ehres.dll
+ 2008-04-23 04:22:35 10,094,080 ----a-w C:\Windows\ehome\ehres.dll
- 2006-11-02 12:35:29 4,370,432 ----a-w C:\Windows\ehome\ehshell.dll
+ 2008-04-23 04:27:59 4,374,528 ----a-w C:\Windows\ehome\ehshell.dll
- 2006-11-02 12:35:28 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
+ 2008-04-23 04:27:00 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
- 2006-11-02 12:35:34 517,120 ----a-w C:\Windows\ehome\ehui.dll
+ 2008-04-23 04:27:00 517,632 ----a-w C:\Windows\ehome\ehui.dll
- 2006-11-02 12:35:29 1,497,600 ----a-w C:\Windows\ehome\ehuihlp.dll
+ 2008-04-23 04:27:00 1,497,600 ----a-w C:\Windows\ehome\ehuihlp.dll
- 2006-11-02 12:35:34 6,656 ----a-w C:\Windows\ehome\McrMgr.dll
+ 2008-04-23 04:27:01 6,656 ----a-w C:\Windows\ehome\McrMgr.dll
- 2006-11-02 12:35:34 173,056 ----a-w C:\Windows\ehome\McrMgr.exe
+ 2008-04-23 04:26:31 173,056 ----a-w C:\Windows\ehome\McrMgr.exe
- 2006-11-02 12:35:33 136,192 ----a-w C:\Windows\ehome\mcupdate.exe
+ 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\ehome\mcupdate.exe
- 2006-11-02 12:35:34 200,704 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.dll
+ 2008-04-23 04:28:13 217,088 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.dll
- 2006-11-02 12:35:33 1,196,032 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 04:28:14 1,196,032 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.Shell.dll
- 2006-11-02 12:35:30 2,342,912 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:28:14 2,342,912 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
- 2006-11-02 09:45:07 2,923,520 ----a-w C:\Windows\explorer.exe
+ 2007-08-27 03:10:03 2,923,520 ----a-w C:\Windows\explorer.exe
- 2008-06-11 08:13:08 665,600 ----a-w C:\Windows\inf\drvindex.dat
+ 2008-07-06 21:50:26 665,600 ----a-w C:\Windows\inf\drvindex.dat
- 2008-07-04 15:46:02 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-07-06 21:50:35 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-07-04 15:45:10 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-07-06 21:50:25 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-07-04 15:46:02 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-07-06 21:50:25 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-07-07 19:06:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-07 19:06:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-04 20:46:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-07 19:08:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2007-11-23 15:28:05 1,016,865 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-07-06 21:55:57 1,016,865 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2008-07-04 20:46:43 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-07 19:08:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-07 19:08:29 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-01 17:03:55 424,000 ----a-w C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe
- 2006-11-02 09:46:02 1,984,512 ----a-w C:\Windows\System32\authui.dll
+ 2007-06-27 02:21:31 1,984,512 ----a-w C:\Windows\System32\authui.dll
- 2006-11-02 09:46:02 65,024 ----a-w C:\Windows\System32\avicap32.dll
+ 2007-06-27 02:21:31 65,024 ----a-w C:\Windows\System32\avicap32.dll
- 2006-11-02 09:46:02 88,576 ----a-w C:\Windows\System32\avifil32.dll
+ 2007-06-27 02:21:31 88,576 ----a-w C:\Windows\System32\avifil32.dll
- 2006-11-02 09:39:02 36,864 ----a-w C:\Windows\System32\cdd.dll
+ 2007-07-03 02:08:22 36,864 ----a-w C:\Windows\System32\cdd.dll
- 2008-07-04 20:03:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-08 00:48:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-04 20:03:12 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-08 00:48:54 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-04 20:03:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-08 00:48:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-04 20:45:03 60,776 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat
+ 2008-07-07 02:44:38 60,776 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat
- 2006-11-02 09:46:03 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
+ 2007-06-26 02:49:06 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
- 2006-11-02 09:46:03 204,800 ----a-w C:\Windows\System32\dhcpcsvc.dll
+ 2007-06-26 02:49:06 204,800 ----a-w C:\Windows\System32\dhcpcsvc.dll
- 2006-11-02 09:46:03 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
+ 2007-06-26 02:49:06 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
- 2006-11-02 09:46:04 134,656 ----a-w C:\Windows\System32\dps.dll
+ 2007-06-29 02:21:13 134,656 ----a-w C:\Windows\System32\dps.dll
- 2006-11-02 09:51:30 255,592 ----a-w C:\Windows\System32\drivers\acpi.sys
+ 2007-08-31 02:28:20 258,232 ----a-w C:\Windows\System32\drivers\acpi.sys
- 2006-11-02 09:49:36 19,048 ----a-w C:\Windows\System32\drivers\atapi.sys
+ 2008-01-19 05:06:48 21,560 ----a-w C:\Windows\System32\drivers\atapi.sys
- 2006-11-02 09:50:41 107,112 ----a-w C:\Windows\System32\drivers\ataport.sys
+ 2008-01-19 05:08:03 109,624 ----a-w C:\Windows\System32\drivers\ataport.sys
- 2006-11-02 08:38:51 617,472 ----a-w C:\Windows\System32\drivers\dxgkrnl.sys
+ 2007-07-03 01:01:16 619,008 ----a-w C:\Windows\System32\drivers\dxgkrnl.sys
- 2006-11-02 07:36:49 53,248 ----a-w C:\Windows\System32\drivers\hdaudbus.sys
+ 2007-05-04 00:31:44 53,760 ----a-w C:\Windows\System32\drivers\hdaudbus.sys
- 2006-11-02 09:49:24 14,952 ----a-w C:\Windows\System32\drivers\intelide.sys
+ 2008-01-19 05:06:34 17,464 ----a-w C:\Windows\System32\drivers\intelide.sys
- 2006-11-02 08:54:05 41,984 ----a-w C:\Windows\System32\drivers\monitor.sys
+ 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\System32\drivers\monitor.sys
- 2006-11-02 08:58:07 20,480 ----a-w C:\Windows\System32\drivers\ndistapi.sys
+ 2007-07-04 01:28:10 20,480 ----a-w C:\Windows\System32\drivers\ndistapi.sys
- 2006-11-02 08:58:09 48,640 ----a-w C:\Windows\System32\drivers\ndproxy.sys
+ 2007-07-04 01:28:13 48,640 ----a-w C:\Windows\System32\drivers\ndproxy.sys
- 2006-11-02 09:51:47 1,056,360 ----a-w C:\Windows\System32\drivers\ntfs.sys
+ 2007-12-16 22:50:41 1,060,920 ----a-w C:\Windows\System32\drivers\ntfs.sys
- 2006-11-02 12:34:33 154,112 ----a-w C:\Windows\System32\drivers\nwifi.sys
+ 2008-01-19 03:06:36 154,624 ----a-w C:\Windows\System32\drivers\nwifi.sys
- 2006-11-02 08:57:33 70,144 ----a-w C:\Windows\System32\drivers\pacer.sys
+ 2007-07-04 01:27:33 70,144 ----a-w C:\Windows\System32\drivers\pacer.sys
- 2006-11-02 09:50:18 42,600 ----a-w C:\Windows\System32\drivers\pciidex.sys
+ 2008-01-19 05:07:19 45,112 ----a-w C:\Windows\System32\drivers\pciidex.sys
- 2006-11-02 08:55:05 54,784 ----a-w C:\Windows\System32\drivers\USBSTOR.SYS
+ 2007-04-28 02:39:34 55,296 ----a-w C:\Windows\System32\drivers\USBSTOR.SYS
- 2006-11-02 09:51:18 208,488 ----a-w C:\Windows\System32\drivers\volsnap.sys
+ 2007-10-26 11:14:11 211,000 ----a-w C:\Windows\System32\drivers\volsnap.sys
- 2006-11-02 08:58:13 61,952 ----a-w C:\Windows\System32\drivers\wanarp.sys
+ 2007-07-04 01:28:17 61,952 ----a-w C:\Windows\System32\drivers\wanarp.sys
+ 2007-08-31 02:28:20 258,232 ----a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_c74dd533\acpi.sys
+ 2007-08-31 02:27:20 28,344 ----a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_c74dd533\battc.sys
+ 2007-08-31 02:27:04 20,920 ----a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_c74dd533\compbatt.sys
+ 2007-08-31 00:57:48 11,264 ----a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_c74dd533\wmiacpi.sys
+ 2007-08-31 02:27:20 28,344 ----a-w C:\Windows\System32\DriverStore\FileRepository\battery.inf_68d2ccc3\battc.sys
+ 2007-08-31 00:57:48 14,208 ----a-w C:\Windows\System32\DriverStore\FileRepository\battery.inf_68d2ccc3\CmBatt.sys
+ 2007-08-31 00:57:49 21,504 ----a-w C:\Windows\System32\DriverStore\FileRepository\battery.inf_68d2ccc3\hidbatt.sys
+ 2007-05-04 00:31:44 53,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_6baf8130\hdaudbus.sys
+ 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\System32\DriverStore\FileRepository\monitor.inf_1a316eff\monitor.sys
+ 2008-01-19 05:06:34 17,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\aliide.sys
+ 2008-01-19 05:06:40 17,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\amdide.sys
+ 2008-01-19 05:06:48 21,560 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
+ 2008-01-19 05:08:03 109,624 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\ataport.sys
+ 2008-01-19 05:06:41 19,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\cmdide.sys
+ 2008-01-19 05:06:34 17,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\intelide.sys
+ 2008-01-19 05:06:55 25,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\msahci.sys
+ 2008-01-19 05:06:34 15,928 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\pciide.sys
+ 2008-01-19 05:07:19 45,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\pciidex.sys
+ 2008-01-19 05:07:08 20,024 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\viaide.sys
+ 2007-09-01 02:23:47 81,592 ----a-w C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_cdabeeda\sbp2port.sys
+ 2007-04-28 02:15:33 82,432 ----a-w C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_0507e6be\sdbus.sys
+ 2007-04-28 02:35:46 13,312 ----a-w C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_89fdc4da\sffdisk.sys
+ 2007-04-28 02:35:46 12,800 ----a-w C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_89fdc4da\sffp_mmc.sys
+ 2007-04-28 02:35:45 12,800 ----a-w C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_89fdc4da\sffp_sd.sys
+ 2007-04-28 02:39:34 55,296 ----a-w C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
+ 2007-10-26 11:14:11 211,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
- 2007-11-21 23:23:19 4,096 ----a-w C:\Windows\System32\dxmasf.dll
+ 2007-09-11 02:21:17 4,096 ----a-w C:\Windows\System32\dxmasf.dll
- 2006-11-02 12:34:42 1,686,528 ----a-w C:\Windows\System32\gameux.dll
+ 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
- 2006-11-02 12:34:42 3,953,152 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
+ 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
- 2006-11-02 09:45:13 13,824 ----a-w C:\Windows\System32\icsunattend.exe
+ 2007-07-12 04:08:09 13,824 ----a-w C:\Windows\System32\icsunattend.exe
- 2006-11-02 09:46:05 286,720 ----a-w C:\Windows\System32\ipnathlp.dll
+ 2007-07-12 04:09:14 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
- 2006-11-02 09:46:05 694,272 ----a-w C:\Windows\System32\localspl.dll
+ 2007-06-29 02:21:45 694,784 ----a-w C:\Windows\System32\localspl.dll
- 2006-11-02 09:45:22 267,776 ----a-w C:\Windows\System32\mcbuilder.exe
+ 2007-06-21 02:12:44 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
- 2006-11-02 09:46:05 82,944 ----a-w C:\Windows\System32\mciavi32.dll
+ 2007-06-27 02:22:18 82,944 ----a-w C:\Windows\System32\mciavi32.dll
- 2006-11-02 12:35:54 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
+ 2007-09-11 02:20:02 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
- 2006-11-02 09:46:07 564,224 ----a-w C:\Windows\System32\msftedit.dll
+ 2007-07-03 02:13:44 564,736 ----a-w C:\Windows\System32\msftedit.dll
- 2006-11-02 09:46:10 12,800 ----a-w C:\Windows\System32\msrle32.dll
+ 2007-06-27 02:22:36 12,800 ----a-w C:\Windows\System32\msrle32.dll
- 2006-11-02 09:46:10 215,552 ----a-w C:\Windows\System32\msshsq.dll
+ 2006-12-20 06:03:44 229,888 ----a-w C:\Windows\System32\msshsq.dll
- 2006-11-02 09:46:10 123,904 ----a-w C:\Windows\System32\msvfw32.dll
+ 2007-06-27 02:22:39 123,904 ----a-w C:\Windows\System32\msvfw32.dll
- 2006-11-02 09:46:10 31,232 ----a-w C:\Windows\System32\msvidc32.dll
+ 2007-06-27 02:22:39 31,232 ----a-w C:\Windows\System32\msvidc32.dll
- 2006-11-02 09:46:11 383,488 ----a-w C:\Windows\System32\netcfgx.dll
+ 2007-07-03 02:14:14 384,000 ----a-w C:\Windows\System32\netcfgx.dll
- 2007-12-12 09:03:45 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
+ 2007-10-24 03:58:11 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
- 2007-12-12 09:03:44 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
+ 2007-10-24 03:58:10 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
- 2006-11-02 09:46:12 220,160 ----a-w C:\Windows\System32\ntprint.dll
+ 2007-06-26 02:51:24 220,160 ----a-w C:\Windows\System32\ntprint.dll
- 2006-11-02 09:45:31 61,440 ----a-w C:\Windows\System32\ntprint.exe
+ 2007-06-26 02:21:16 61,440 ----a-w C:\Windows\System32\ntprint.exe
- 2006-11-02 09:46:12 15,360 ----a-w C:\Windows\System32\pacerprf.dll
+ 2007-07-04 02:22:30 15,360 ----a-w C:\Windows\System32\pacerprf.dll
- 2008-07-03 00:54:36 125,090 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-08 00:21:06 125,090 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-03 00:54:36 673,446 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-08 00:21:06 673,446 ----a-w C:\Windows\System32\perfh009.dat
- 2006-11-02 12:36:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
+ 2007-08-30 04:00:33 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
- 2006-11-02 09:46:12 77,824 ----a-w C:\Windows\System32\rascfg.dll
+ 2007-07-04 02:22:38 77,824 ----a-w C:\Windows\System32\rascfg.dll
- 2006-11-02 09:46:12 52,736 ----a-w C:\Windows\System32\rasdiag.dll
+ 2007-07-04 02:22:38 52,736 ----a-w C:\Windows\System32\rasdiag.dll
- 2006-11-02 09:46:12 32,768 ----a-w C:\Windows\System32\rasmxs.dll
+ 2007-07-04 02:22:38 32,768 ----a-w C:\Windows\System32\rasmxs.dll
- 2006-11-02 09:46:12 22,016 ----a-w C:\Windows\System32\rasser.dll
+ 2007-07-04 02:22:38 22,016 ----a-w C:\Windows\System32\rasser.dll
- 2006-11-02 09:46:12 467,456 ----a-w C:\Windows\System32\riched20.dll
+ 2007-07-03 02:14:39 467,456 ----a-w C:\Windows\System32\riched20.dll
- 2006-11-02 09:46:12 8,192 ----a-w C:\Windows\System32\riched32.dll
+ 2007-07-03 02:14:39 8,192 ----a-w C:\Windows\System32\riched32.dll
- 2006-11-02 09:46:12 269,312 ----a-w C:\Windows\System32\schannel.dll
+ 2007-06-19 02:10:48 269,824 ----a-w C:\Windows\System32\schannel.dll
- 2006-11-02 09:46:12 69,632 ----a-w C:\Windows\System32\sendmail.dll
+ 2007-05-24 02:25:48 69,632 ----a-w C:\Windows\System32\sendmail.dll
- 2006-11-02 09:46:13 11,314,688 ----a-w C:\Windows\System32\shell32.dll
+ 2007-06-27 02:23:27 11,315,200 ----a-w C:\Windows\System32\shell32.dll
- 2006-11-02 09:46:13 221,184 ----a-w C:\Windows\System32\SLC.dll
+ 2007-06-21 02:15:28 223,232 ----a-w C:\Windows\System32\SLC.dll
- 2006-11-02 09:46:13 39,936 ----a-w C:\Windows\System32\slcinst.dll
+ 2007-06-21 02:15:28 39,936 ----a-w C:\Windows\System32\slcinst.dll
- 2006-11-02 09:46:13 565,760 ----a-w C:\Windows\System32\SLCommDlg.dll
+ 2007-06-21 02:15:29 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
- 2006-11-02 09:45:45 186,368 ----a-w C:\Windows\System32\SLLUA.exe
+ 2007-06-21 02:12:55 186,368 ----a-w C:\Windows\System32\SLLUA.exe
- 2006-11-02 09:45:45 2,592,256 ----a-w C:\Windows\System32\SLsvc.exe
+ 2007-06-21 02:12:55 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
- 2006-11-02 09:45:45 349,184 ----a-w C:\Windows\System32\SLUI.exe
+ 2007-06-21 02:12:55 351,232 ----a-w C:\Windows\System32\SLUI.exe
- 2006-11-02 09:46:13 57,344 ----a-w C:\Windows\System32\SLUINotify.dll
+ 2007-06-21 02:15:29 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
- 2006-11-02 09:46:13 33,280 ----a-w C:\Windows\System32\slwmi.dll
+ 2007-06-21 02:15:29 33,280 ----a-w C:\Windows\System32\slwmi.dll
- 2008-06-11 08:14:15 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-07-07 02:39:35 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2007-11-21 23:23:20 7,680 ----a-w C:\Windows\System32\spwmp.dll
+ 2007-09-11 02:21:01 7,680 ----a-w C:\Windows\System32\spwmp.dll
- 2006-11-02 12:34:48 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
+ 2007-07-13 02:20:52 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
- 2006-11-02 09:46:13 540,672 ----a-w C:\Windows\System32\sysmain.dll
+ 2007-08-29 03:06:53 542,720 ----a-w C:\Windows\System32\sysmain.dll
- 2006-11-02 09:46:13 33,280 ----a-w C:\Windows\System32\traffic.dll
+ 2007-07-04 02:22:55 33,280 ----a-w C:\Windows\System32\traffic.dll
- 2006-11-02 09:46:13 356,864 ----a-w C:\Windows\System32\wbem\wbemcomn.dll
+ 2007-08-31 02:17:42 356,352 ----a-w C:\Windows\System32\wbem\wbemcomn.dll
- 2008-07-04 20:05:49 7,518 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2853648524-1478991029-965573137-1005_UserData.bin
+ 2008-07-07 19:08:56 8,324 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2853648524-1478991029-965573137-1005_UserData.bin
- 2008-07-04 20:05:48 74,314 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-07 19:08:56 74,646 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-04 20:05:45 44,446 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-07 19:08:54 44,862 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-07-03 20:01:22 313,244 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-07-08 00:13:39 315,398 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2006-11-02 09:46:14 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
+ 2007-05-24 02:26:10 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
- 2006-11-02 12:34:30 47,104 ----a-w C:\Windows\System32\wlanapi.dll
+ 2007-08-29 03:07:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll
- 2006-11-02 12:34:30 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
+ 2007-08-29 03:07:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
- 2006-11-02 12:34:30 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
+ 2007-08-29 03:07:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
- 2006-11-02 12:34:30 297,984 ----a-w C:\Windows\System32\wlansec.dll
+ 2007-08-29 03:07:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
- 2006-11-02 12:34:30 502,784 ----a-w C:\Windows\System32\wlansvc.dll
+ 2007-08-29 03:07:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
- 2007-11-21 23:23:21 10,617,344 ----a-w C:\Windows\System32\wmp.dll
+ 2007-09-11 02:21:39 10,617,344 ----a-w C:\Windows\System32\wmp.dll
- 2007-11-21 23:23:22 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
+ 2007-09-11 01:36:49 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
- 2006-11-02 09:46:14 13,824 ----a-w C:\Windows\System32\wshqos.dll
+ 2007-07-04 02:23:18 13,824 ----a-w C:\Windows\System32\wshqos.dll
- 2006-11-02 09:46:14 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
+ 2007-08-31 02:17:56 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
- 2008-06-11 08:02:01 31,583,053 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-06 21:18:33 39,790,147 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-04-23 04:27:53 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16679_none_d97a4d2ed1f284d2\ehepg.dll
+ 2008-04-23 14:12:49 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20821_none_da31f92beaeecb56\ehepg.dll
+ 2008-04-23 04:27:55 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16679_none_bcbfc9e4c1e1e81d\ehexthost.exe
+ 2008-04-23 14:12:50 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20821_none_bd7775e1dade2ea1\ehexthost.exe
+ 2008-04-23 04:27:56 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16679_none_fba2d0c909e74612\ehiExtens.dll
+ 2008-04-23 14:12:51 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20821_none_fc5a7cc622e38c96\ehiExtens.dll
+ 2008-04-23 04:27:59 4,374,528 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16679_none_896d686f44a61324\ehshell.dll
+ 2008-04-23 14:12:55 4,382,720 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20821_none_8a25146c5da259a8\ehshell.dll
+ 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18061_none_8b5674b141cbbd6c\ehshell.dll
+ 2008-04-23 04:36:58 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22165_none_8be412a45ae5c292\ehshell.dll
+ 2008-04-23 04:28:14 1,196,032 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16679_none_4e6b0c2698ea89ba\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 14:13:09 1,269,760 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20821_none_4f22b823b1e6d03e\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 04:28:14 2,342,912 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16679_none_30f95ad65a3e86d4\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 14:13:09 2,351,104 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20821_none_31b106d3733acd58\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18061_none_32e267185764311c\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:37:38 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22165_none_3370050b707e3642\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:28:13 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16679_none_2354b3c9cf56f2ea\Microsoft.MediaCenter.dll
+ 2008-04-23 14:13:08 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20821_none_240c5fc6e853396e\Microsoft.MediaCenter.dll
+ 2007-08-31 02:28:20 258,232 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\acpi.sys
+ 2007-08-31 02:27:20 28,344 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\battc.sys
+ 2007-08-31 02:27:04 20,920 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\compbatt.sys
+ 2007-08-31 00:57:48 11,264 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\wmiacpi.sys
+ 2007-08-31 02:22:53 258,232 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\acpi.sys
+ 2007-08-31 02:21:27 28,344 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\battc.sys
+ 2007-08-31 02:21:14 20,920 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\compbatt.sys
+ 2007-08-31 01:02:00 11,264 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\wmiacpi.sys
+ 2007-08-31 02:27:20 28,344 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.16553_none_140e43a256cf6f52\battc.sys
+ 2007-08-31 00:57:48 14,208 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.16553_none_140e43a256cf6f52\CmBatt.sys
+ 2007-08-31 00:57:49 21,504 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.16553_none_140e43a256cf6f52\hidbatt.sys
+ 2007-08-31 02:21:27 28,344 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.20672_none_1481404b6ffe2da7\battc.sys
+ 2007-08-31 01:02:00 14,208 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.20672_none_1481404b6ffe2da7\CmBatt.sys
+ 2007-08-31 01:02:01 21,504 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.20672_none_1481404b6ffe2da7\hidbatt.sys
+ 2007-05-04 00:31:44 53,760 ----a-w C:\Windows\winsxs\x86_hdaudbus.inf_31bf3856ad364e35_6.0.6000.16481_none_74e5d15989a08e89\hdaudbus.sys
+ 2007-05-05 00:37:12 53,760 ----a-w C:\Windows\winsxs\x86_hdaudbus.inf_31bf3856ad364e35_6.0.6000.20592_none_75659e82a2c5639b\hdaudbus.sys
+ 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16679_none_c673e63faed8754d\mcupdate.exe
+ 2008-04-23 14:13:03 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.20821_none_c72b923cc7d4bbd1\mcupdate.exe
+ 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.18061_none_c85cf281abfe1f95\mcupdate.exe
+ 2008-04-23 04:37:28 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.22165_none_c8ea9074c51824bb\mcupdate.exe
+ 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll
+ 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll
+ 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll
+ 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll
+ 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll
+ 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll
+ 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll
+ 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll
+ 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll
+ 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll
+ 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll
+ 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll
+ 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll
+ 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll
+ 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll
+ 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll
+ 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll
+ 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll
+ 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll
+ 2007-06-27 02:21:31 1,984,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6000.16513_none_0a056d7cf846bbd5\authui.dll
+ 2007-06-27 02:14:53 1,984,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6000.20628_none_0a893bce1167f643\authui.dll
+ 2007-06-27 02:21:23 967,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-calendar_31bf3856ad364e35_6.0.6000.16513_none_8f02a43161a69634\WinCal.exe
+ 2007-06-27 01:22:15 967,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-calendar_31bf3856ad364e35_6.0.6000.20628_none_8f8672827ac7d0a2\WinCal.exe
+ 2007-06-29 02:21:13 134,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frastructure-server_31bf3856ad364e35_6.0.6000.16515_none_663e618f9f0e757e\dps.dll
+ 2007-06-29 02:21:53 134,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frastructure-server_31bf3856ad364e35_6.0.6000.20630_none_66ad5d10b840ce77\dps.dll
+ 2007-06-26 02:49:06 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\dhcpcmonitor.dll
+ 2007-06-26 02:49:06 204,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\dhcpcsvc.dll
+ 2007-06-26 02:49:06 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\dhcpcsvc6.dll
+ 2007-06-26 02:36:21 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.20627_none_d5eee80d4a90ca6f\dhcpcmonitor.dll
+ 2007-06-26 02:36:21 203,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.20627_none_d5eee80d4a90ca6f\dhcpcsvc.dll
+ 2007-06-26 02:36:21 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.20627_none_d5eee80d4a90ca6f\dhcpcsvc6.dll
+ 2008-04-23 04:27:00 252,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16679_none_128e8c93a2bce482\ehReplay.dll
+ 2008-04-23 05:11:36 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20821_none_13463890bbb92b06\ehReplay.dll
+ 2008-04-23 04:42:33 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18061_none_147798d59fe28eca\ehReplay.dll
+ 2008-04-23 04:30:25 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22165_none_150536c8b8fc93f0\ehReplay.dll
+ 2008-04-23 04:27:01 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16679_none_3200fce9dd0448e0\McrMgr.dll
+ 2008-04-23 04:26:31 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16679_none_3200fce9dd0448e0\McrMgr.exe
+ 2008-04-23 05:11:51 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20821_none_32b8a8e6f6008f64\McrMgr.dll
+ 2008-04-23 03:56:48 172,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20821_none_32b8a8e6f6008f64\McrMgr.exe
+ 2008-04-23 04:27:00 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16679_none_2db4cba1854c2050\ehdebug.dll
+ 2008-04-23 05:11:35 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20821_none_2e6c779e9e4866d4\ehdebug.dll
+ 2008-04-23 04:27:00 372,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16679_none_2d12eef96d2c252b\ehglid.dll
+ 2008-04-23 05:11:35 372,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20821_none_2dca9af686286baf\ehglid.dll
+ 2008-04-23 04:42:33 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18061_none_2efbfb3b6a51cf73\ehglid.dll
+ 2008-04-23 04:30:24 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22165_none_2f89992e836bd499\ehglid.dll
+ 2008-04-23 04:27:00 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16679_none_249fac1865043b1f\ehPresenter.dll
+ 2008-04-23 05:11:36 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20821_none_255758157e0081a3\ehPresenter.dll
+ 2008-04-23 04:42:33 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18061_none_2688b85a6229e567\ehPresenter.dll
+ 2008-04-23 04:30:25 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22165_none_2716564d7b43ea8d\ehPresenter.dll
+ 2008-04-23 04:22:35 10,094,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16679_none_4fe31875538242d1\ehres.dll
+ 2008-04-23 05:11:36 10,103,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20821_none_509ac4726c7e8955\ehres.dll
+ 2008-04-23 04:27:00 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16679_none_3693dda116ea05e6\ehtrace.dll
+ 2008-04-23 05:11:36 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20821_none_374b899e2fe64c6a\ehtrace.dll
+ 2008-04-23 04:27:00 517,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16679_none_cc9b30cbcc71d8eb\ehui.dll
+ 2008-04-23 05:11:36 521,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20821_none_cd52dcc8e56e1f6f\ehui.dll
+ 2008-04-23 04:42:33 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18061_none_ce843d0dc9978333\ehui.dll
+ 2008-04-23 04:30:33 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22165_none_cf11db00e2b18859\ehui.dll
+ 2008-04-23 04:27:00 1,497,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16679_none_39e223022e478d8d\ehuihlp.dll
+ 2008-04-23 05:11:36 1,498,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20821_none_3a99ceff4743d411\ehuihlp.dll
+ 2007-08-27 03:10:03 2,923,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
+ 2007-08-27 02:01:58 2,923,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
+ 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll
+ 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll
+ 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll
+ 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll
+ 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll
+ 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll
+ 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll
+ 2007-07-03 02:08:22 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6000.16517_none_a9de8a2ce66804b6\cdd.dll
+ 2007-07-03 01:01:16 619,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6000.16517_none_a9de8a2ce66804b6\dxgkrnl.sys
+ 2007-07-03 02:16:20 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6000.20632_none_aa4d85adff9a5daf\cdd.dll
+ 2007-07-03 01:07:51 619,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6000.20632_none_aa4d85adff9a5daf\dxgkrnl.sys
+ 2008-04-23 04:27:01 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16679_none_3d017dbd628e4075\mcmde.dll
+ 2008-04-23 05:11:51 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20821_none_3db929ba7b8a86f9\mcmde.dll
+ 2007-09-11 02:20:02 356,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediametadatahandler_31bf3856ad364e35_6.0.6000.16557_none_890b997ff4e3a637\MediaMetadataHandler.dll
+ 2007-09-08 04:52:23 356,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediametadatahandler_31bf3856ad364e35_6.0.6000.20676_none_897e96290e12648c\MediaMetadataHandler.dll
+ 2007-09-11 02:21:17 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\dxmasf.dll
+ 2007-09-11 02:21:01 7,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\spwmp.dll
+ 2007-09-11 02:21:39 10,617,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\wmp.dll
+ 2007-09-11 02:19:09 107,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\wmpconfig.exe
+ 2007-09-11 02:19:09 168,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\wmplayer.exe
+ 2007-09-11 01:36:49 8,147,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\wmploc.DLL
+ 2007-09-11 02:19:10 107,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\wmpshare.exe
+ 2007-09-08 04:53:43 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\dxmasf.dll
+ 2007-09-08 04:53:26 7,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\spwmp.dll
+ 2007-09-08 04:54:02 10,616,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\wmp.dll
+ 2007-09-08 04:14:59 107,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\wmpconfig.exe
+ 2007-09-08 04:14:51 168,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\wmplayer.exe
+ 2007-09-08 04:14:54 8,147,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\wmploc.DLL
+ 2007-09-08 04:14:35 107,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\wmpshare.exe
+ 2007-07-03 02:13:44 564,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msftedit_31bf3856ad364e35_6.0.6000.16517_none_d3e6ea943a0ccc2e\msftedit.dll
+ 2007-07-03 02:18:02 564,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msftedit_31bf3856ad364e35_6.0.6000.20632_none_d455e615533f2527\msftedit.dll
+ 2007-06-21 02:12:44 268,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.0.6000.16509_none_182f5e49b7a9aadf\mcbuilder.exe
+ 2007-06-21 00:51:18 268,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.0.6000.20624_none_189e59cad0dc03d8\mcbuilder.exe
+ 2008-01-19 03:06:36 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.16632_none_4d03fb3a91e27bd0\nwifi.sys
+ 2008-01-19 02:32:39 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.20757_none_4d7cf99fab0bd22f\nwifi.sys
+ 2007-07-03 02:14:14 384,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.0.6000.16517_none_3c2ad8f2286305c8\netcfgx.dll
+ 2007-07-03 02:18:48 384,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.0.6000.20632_none_3c99d47341955ec1\netcfgx.dll
+ 2007-10-26 11:12:53 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys
+ 2007-12-16 22:50:41 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
+ 2007-10-26 04:22:05 1,061,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys
+ 2007-12-16 22:52:59 1,061,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys
+ 2008-05-02 22:21:56 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16688_none_f0535e6e6e8d6c76\OESpamFilter.dat
+ 2008-05-02 22:17:48 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20833_none_f10e0b498786feff\OESpamFilter.dat
+ 2008-05-02 22:18:31 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18071_none_f23d6afa6bb23015\OESpamFilter.dat
+ 2008-05-02 22:17:54 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22178_none_f2ce09cb84c98140\OESpamFilter.dat
+ 2007-10-30 03:12:15 558,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16588_none_bacb6cf1fe8d4f50\oleaut32.dll
+ 2007-10-30 03:56:09 559,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.20711_none_bb99b91117787749\oleaut32.dll
+ 2007-06-28 02:30:09 3,504,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16514_none_6a435250b701059d\ntkrnlpa.exe
+ 2007-06-28 02:30:09 3,470,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16514_none_6a435250b701059d\ntoskrnl.exe
+ 2007-08-29 03:11:59 3,504,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntkrnlpa.exe
+ 2007-08-29 03:11:57 3,471,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntoskrnl.exe
+ 2007-10-24 03:58:11 3,504,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntkrnlpa.exe
+ 2007-10-24 03:58:10 3,470,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntoskrnl.exe
+ 2007-06-28 02:29:58 3,504,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20629_none_6ac720a1d022400b\ntkrnlpa.exe
+ 2007-06-28 02:29:57 3,470,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20629_none_6ac720a1d022400b\ntoskrnl.exe
+ 2007-08-29 02:50:20 3,504,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntkrnlpa.exe
+ 2007-08-29 02:50:18 3,471,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntoskrnl.exe
+ 2007-10-24 04:13:51 3,505,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntkrnlpa.exe
+ 2007-10-24 04:13:50 3,471,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntoskrnl.exe
+ 2007-06-29 02:21:45 694,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6000.16515_none_2e2f4ef5958b2567\localspl.dll
+ 2007-06-29 02:22:49 694,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6000.20630_none_2e9e4a76aebd7e60\localspl.dll
+ 2007-06-26 02:51:24 220,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6000.16512_none_ee146a58804bf72b\ntprint.dll
+ 2007-06-26 02:21:16 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6000.16512_none_ee146a58804bf72b\ntprint.exe
+ 2007-06-26 02:38:21 220,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6000.20627_none_ee9838a9996d3199\ntprint.dll
+ 2007-06-26 02:10:18 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6000.20627_none_ee9838a9996d3199\ntprint.exe
+ 2007-06-22 02:16:39 704,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16510_none_69dd6e605b578d62\PhotoScreensaver.scr
+ 2007-08-30 04:00:33 704,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16552_none_69b42f445b762fd4\PhotoScreensaver.scr
+ 2007-06-22 01:31:04 704,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.20625_none_6a613cb17478c7d0\PhotoScreensaver.scr
+ 2007-08-30 02:40:37 704,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.20671_none_6a272bed74a4ee29\PhotoScreensaver.scr
+ 2007-07-04 01:27:33 70,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.16518_none_ac625a685a7efa74\pacer.sys
+ 2007-07-04 02:22:30 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.16518_none_ac625a685a7efa74\pacerprf.dll
+ 2007-07-04 02:22:55 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.16518_none_ac625a685a7efa74\traffic.dll
+ 2007-07-04 02:23:18 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.16518_none_ac625a685a7efa74\wshqos.dll
+ 2007-07-04 01:26:58 70,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.20633_none_acd155e973b1536d\pacer.sys
+ 2007-07-04 02:15:22 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.20633_none_acd155e973b1536d\pacerprf.dll
+ 2007-07-04 02:15:47 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.20633_none_acd155e973b1536d\traffic.dll
+ 2007-07-04 02:16:06 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.20633_none_acd155e973b1536d\wshqos.dll
+ 2007-07-04 01:28:10 20,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\ndistapi.sys
+ 2007-07-04 01:28:13 48,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\ndproxy.sys
+ 2007-07-04 02:22:38 77,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\rascfg.dll
+ 2007-07-04 02:22:38 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\rasdiag.dll
+ 2007-07-04 02:22:38 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\rasmxs.dll
+ 2007-07-04 02:22:38 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\rasser.dll
+ 2007-07-04 01:28:17 61,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\wanarp.sys
+ 2007-07-04 01:27:35 20,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\ndistapi.sys
+ 2007-07-04 01:27:38 48,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\ndproxy.sys
+ 2007-07-04 02:15:28 77,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\rascfg.dll
+ 2007-07-04 02:15:28 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\rasdiag.dll
+ 2007-07-04 02:15:29 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\rasmxs.dll
+ 2007-07-04 02:15:29 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\rasser.dll
+ 2007-07-04 01:27:42 61,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\wanarp.sys
+ 2007-07-03 02:14:39 467,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.0.6000.16517_none_9b16a5648576e40a\riched20.dll
+ 2007-07-03 02:14:39 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.0.6000.16517_none_9b16a5648576e40a\riched32.dll
+ 2007-07-03 02:19:22 467,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.0.6000.20632_none_9b85a0e59ea93d03\riched20.dll
+ 2007-07-03 02:19:22 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.0.6000.20632_none_9b85a0e59ea93d03\riched32.dll
+ 2007-06-21 02:15:28 223,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6000.16509_none_c3421cfda8beb1db\SLC.dll
+ 2007-06-21 02:08:07 223,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6000.20624_none_c3b1187ec1f10ad4\SLC.dll
+ 2007-08-29 03:06:53 542,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.0.6000.16551_none_3b32a26ce33869cb\sysmain.dll
+ 2007-08-29 02:45:24 542,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.0.6000.20670_none_3ba59f15fc672820\sysmain.dll
+ 2007-06-21 02:15:29 566,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.16509_none_889ab124b8091615\SLCommDlg.dll
+ 2007-06-21 02:12:55 186,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.16509_none_889ab124b8091615\SLLUA.exe
+ 2007-06-21 02:12:55 351,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.16509_none_889ab124b8091615\SLUI.exe
+ 2007-06-21 02:15:29 57,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.16509_none_889ab124b8091615\SLUINotify.dll
+ 2007-06-21 02:08:07 566,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.20624_none_8909aca5d13b6f0e\SLCommDlg.dll
+ 2007-06-21 01:06:23 186,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.20624_none_8909aca5d13b6f0e\SLLUA.exe
+ 2007-06-21 01:06:32 351,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.20624_none_8909aca5d13b6f0e\SLUI.exe
+ 2007-06-21 02:08:07 57,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.20624_none_8909aca5d13b6f0e\SLUINotify.dll
+ 2007-06-21 02:15:28 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6000.16509_none_4c9a3f87fc5750bf\slcinst.dll
+ 2007-06-21 02:12:55 2,605,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6000.16509_none_4c9a3f87fc5750bf\SLsvc.exe
+ 2007-06-21 02:08:07 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6000.20624_none_4d093b091589a9b8\slcinst.dll
+ 2007-06-21 01:50:39 2,605,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6000.20624_none_4d093b091589a9b8\SLsvc.exe
+ 2007-06-21 02:15:29 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wmi_31bf3856ad364e35_6.0.6000.16509_none_4c6f7771fc7773a0\slwmi.dll
+ 2007-06-21 02:08:07 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wmi_31bf3856ad364e35_6.0.6000.20624_none_4cde72f315a9cc99\slwmi.dll
+ 2007-06-19 02:10:48 269,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16508_none_20380cd258151361\schannel.dll
+ 2007-06-19 02:05:45 269,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.20622_none_20a6080971485303\schannel.dll
+ 2007-05-24 02:25:48 69,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sendmail_31bf3856ad364e35_6.0.6000.16493_none_58a4e9811f22ea1c\sendmail.dll
+ 2007-05-24 02:19:34 69,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sendmail_31bf3856ad364e35_6.0.6000.20605_none_5991d81237f5be42\sendmail.dll
+ 2007-07-12 04:08:09 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6000.16522_none_02d37ed64c3424df\icsunattend.exe
+ 2007-07-12 04:09:14 286,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6000.16522_none_02d37ed64c3424df\ipnathlp.dll
+ 2007-07-12 01:52:52 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6000.20638_none_03584d71655478a4\icsunattend.exe
+ 2007-07-12 02:43:31 285,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6000.20638_none_03584d71655478a4\ipnathlp.dll
+ 2007-06-27 02:23:27 11,315,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16513_none_6a3b1b4414dac79d\shell32.dll
+ 2007-06-27 02:17:57 11,315,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20628_none_6abee9952dfc020b\shell32.dll
+ 2007-07-13 02:20:52 8,138,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ssbranded_31bf3856ad364e35_6.0.6000.16523_none_36921e330a735e63\ssBranded.scr
+ 2007-07-13 01:19:54 8,138,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ssbranded_31bf3856ad364e35_6.0.6000.20639_none_3716ecce2393b228\ssBranded.scr
+ 2007-08-31 02:17:56 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6000.16553_none_c5179c13c95485bd\wtsapi32.dll
+ 2007-08-31 02:14:51 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6000.20672_none_c58a98bce2834412\wtsapi32.dll
+ 2008-04-23 04:27:00 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16679_none_de4f2af09170b787\EncDec.dll
+ 2008-04-23 05:11:36 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20821_none_df06d6edaa6cfe0b\EncDec.dll
+ 2008-04-23 04:42:37 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18061_none_e03837328e9661cf\EncDec.dll
+ 2008-04-23 04:34:41 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22165_none_e0c5d525a7b066f5\EncDec.dll
+ 2008-04-23 04:27:04 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16679_none_d9d44caa5a19bb32\psisdecd.dll
+ 2008-04-23 05:12:30 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20821_none_da8bf8a7731601b6\psisdecd.dll
+ 2008-04-23 04:42:37 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18061_none_dbbd58ec573f657a\psisdecd.dll
+ 2008-04-23 04:34:47 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22165_none_dc4af6df70596aa0\psisdecd.dll
+ 2007-06-27 02:21:31 65,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\avicap32.dll
+ 2007-06-27 02:21:31 88,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\avifil32.dll
+ 2007-06-27 02:22:18 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\mciavi32.dll
+ 2007-06-27 02:22:36 12,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\msrle32.dll
+ 2007-06-27 02:22:39 123,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\msvfw32.dll
+ 2007-06-27 02:22:39 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\msvidc32.dll
+ 2007-06-27 02:14:54 65,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\avicap32.dll
+ 2007-06-27 02:14:54 88,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\avifil32.dll
+ 2007-06-27 02:16:24 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\mciavi32.dll
+ 2007-06-27 02:16:47 12,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\msrle32.dll
+ 2007-06-27 02:16:50 123,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\msvfw32.dll
+ 2007-06-27 02:16:50 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\msvidc32.dll
+ 2007-08-29 01:52:47 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16551_none_b6d829dc9d87e0b4\win32k.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"mpx"="c:\WINDOWS\system32\mpx.exe" [2008-06-29 14:51 58594]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2007-02-02 14:03 415864]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [2007-03-01 17:59 2322432]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-08 07:22 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-08 07:22 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 22:03 1232152]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2007-03-13 13:42:45 448632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 17:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
--a------ 2007-01-31 00:59 371712 C:\Program Files\Intuit\SimpleStartEntice\entice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-03-06 17:22 36864 c:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
--a------ 2007-02-07 21:43 411768 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2006-12-06 20:08 577536 C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 07:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BC55E9A7-838D-497F-9ED9-F72FBF9210F8}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{999490A7-6F93-4B4B-AA8E-01406F628B67}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{47EFF052-D88B-44F1-8F45-8B227EC4ADDD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2B9D25AC-6DA2-44EC-860C-3372F99F4AE1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BAF173E8-2498-40AA-BEB9-7D39FCDA7E78}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{EB725C22-08CA-4359-A389-CB1AB0284429}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{5A36C8EC-6669-40A3-8CB8-5E10BD0F8FE8}"= UDP:C:\Windows\System32\lxblcoms.exe:Lexmark Communications System
"{6A3C12BC-71CD-4B7C-A959-4015A9873BF1}"= TCP:C:\Windows\System32\lxblcoms.exe:Lexmark Communications System
"{5410818B-34FE-4011-8013-844914092F7F}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxblpswx.exe:Printer Status Window
"{E2A54481-E7C1-4717-9D60-7CBFB057A140}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxblpswx.exe:Printer Status Window
"{742075FC-A754-4CE9-9949-321CB4549938}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6FF4026A-87DF-481E-A695-FEA2D9555962}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C9F5268C-6BC0-444B-8AFC-7A9E03BD5918}"= UDP:C:\Users\Gina and Justin\Desktop\Trading\Optimize\utorrent.exe:µTorrent
"{0EEC38B8-18EE-48EA-A24C-D26CA28B2797}"= TCP:C:\Users\Gina and Justin\Desktop\Trading\Optimize\utorrent.exe:µTorrent
"{B8E4C276-60D8-482F-8C1F-C4B815753671}"= UDP:C:\Users\Gina and Justin\Desktop\Trading\Optimize\utorrent.exe:µTorrent
"{C6F7A2C7-DF66-453D-A929-A3C39DF96BE3}"= TCP:C:\Users\Gina and Justin\Desktop\Trading\Optimize\utorrent.exe:µTorrent
"{633D9713-27ED-41EA-99D9-EFB7D9328D91}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{3D47E86D-2E84-4EEC-A837-349DD952A54D}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{476338AD-043D-4FCF-9F59-56FE86CE9794}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6ED161A7-DA37-463C-932A-A9D09EB7231B}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{52CA5884-5215-49CC-9A28-BE13D5AE5203}"= Disabled:UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7257F0BD-662C-41C2-BF7C-D351D86F1372}"= Disabled:TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C43E8FFD-9628-4DD2-9B5F-875F9E120DA7}"= Disabled:UDP:C:\Windows\System32\mpxu.exe:mpxu
"{02590F4D-F28A-431C-BA15-E84C3E968996}"= Disabled:TCP:C:\Windows\System32\mpxu.exe:mpxu
"{490E5182-F3F9-4A97-862D-ABA011293672}"= Disabled:UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{5333B407-41C4-44F2-A65B-611D11D153D7}"= Disabled:TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{D70F1425-9A2A-4E9C-8B88-F345A4160FCE}"= UDP:57781:uTorrent
"{F138C585-0658-43B4-95AD-0E1778CC6937}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{64730062-397E-48A5-841C-492045DA8617}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-03 22:02]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080116.003\IDSvix86.sys [2007-11-06 18:28]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-03 22:02]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 22:03]
R2 lxbl_device;lxbl_device;C:\Windows\system32\lxblcoms.exe [2007-04-20 13:24]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-03 22:03]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-02-08 07:10]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-02-08 07:10]
R3 slim;Sony Lucid Integrated Mpeg encoder;C:\Windows\system32\drivers\slim.sys [2007-01-30 07:01]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-03-07 07:06]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 17:32]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 13:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 02:30]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe [2007-01-26 14:41]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe" [2007-01-26 14:41]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 3\IcVzMon.exe [2007-01-26 14:41]
S3 USBAVCap;AVerMedia USB TV Tuner Device;C:\Windows\system32\drivers\USBAVCap.sys [2006-11-27 19:46]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 19:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 17:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{135f4276-fc51-11dc-9f31-0013a9f737e6}]
\shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c474431b-9bb3-11dc-9e3a-0013a9f737e6}]
\shell\AutoRun\command - I:\setupSNK.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 01:02:42 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Gina and Justin.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 19:58:09
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-07 19:59:44
ComboFix-quarantined-files.txt 2008-07-08 00:59:36
ComboFix2.txt 2008-07-04 20:54:54

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 135,105,413,120 bytes free

856 --- E O F --- 2008-07-07 19:36:46



Hijack This


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:23 PM, on 7/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Windows\System32\mpxu.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {DFD3C411-B6E4-49E6-A4D9-88F45FE2556D} - (no file)
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9415 bytes



#8 Thunder


Posted 08 July 2008 - 03:44 AM

Hello Jmto2241,

Your logs look fine now.

I see, however, some entries from Norton/Symantec.
Are these leftovers from a previous install?
Did you remove all components through Control Panel > Software from the Software list?
If it's just leftovers, it might be good to download and run the appropriate Norton Removal tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

You can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

No more problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#9 Thunder


Posted 05 August 2008 - 07:05 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



