Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

HiJack This Log

Re: HiJack This Log

Post by dearlymom » September 15th, 2010, 10:38 pm

WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [A5AGU.sys]
WARNING: Virus alike driver modification [slntamr.sys]
0x00DB0000 Hidden Image-->CFScan.dll [ EPROCESS 0x88DDB378 ] PID: 2272, 45056 bytes
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\Chjw\3ea37477-bfe3-4203-8396-d1357d3c6a15.cm-2-p.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\Chjw\4ce81761e817491a\917242a4-7ab7-44cf-b606-f7b342ff8003
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\Chjw\4ce81761e817491a\d20d58b3-5de0-4209-9b1e-1ef74e550da8
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS01634.log
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\023407EFd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\0397D12Dd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\05339D87d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\06DA20B7d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\071B0075d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\0ADB21CDd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\0F1C861Cd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\1068431Fd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\183DAAB1d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\1DD43FD5d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\20751683d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\29A8BB4Dd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\33665BD4d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\34FA4F18d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\37F24D4Dd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\3D7FDA04d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\449ADC75d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\458A27C3d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\46F5BE21d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\4FC6D0E7d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\5186CAAAd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\51E30D6Ad01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\584E4DF9d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\6279496Fd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\65D1D95Ad01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\6C15FAD3d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\6E3361C3d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\701A7137d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\7246557Fd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\7260F983d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\746AEB15d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\7A0EDF46d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\7F31D222d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\84376312d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\884AA036d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\9CE1DE40d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\A63B5578d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\A837FE2Ad01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\B3371497d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\B7021C11d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\B90CA0FEd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\BF928EA7d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\BFF86678d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\C21400DDd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\C9803627d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\CE55E07Ad01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\CF66CA91d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\D0F5A3DAd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\D3A74934d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\D40061B6d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\D7703354d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\D9809AB6d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\DBB233ABd01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\E10A5E64d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\E1658E18d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\E2F2F4B2d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\F780CDE3d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\Cache\F7A06EC1d01
!-->[Hidden] C:\Documents and Settings\Kim Diers\Local Settings\Temporary Internet Files\Content.IE5\8ZK5IJEX\update[3].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\674U9WWL\!category-spiketv%7Cpos-btf%7Cresearch-survey%7Cenvid-origin%7Curi-_full-episode_dream-team_38344%7Ctag-adj%7Cmtype-standard%7Csz-1x2%7Ctile-5%7Cdemo-D;[1]]
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002AD8C, Type: Inline - RelativeJump 0x80501D8C-->80501DC8 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006AA8A, Type: Inline - RelativeJump 0x80541A8A-->80541A91 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeFindConfigurationEntry, Type: Inline - RelativeJump 0x806906DA-->806906F6 [ntkrnlpa.exe]
[1632]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1632]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1632]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1632]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1632]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1632]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1632]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[2448]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2448]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2448]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2448]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2448]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2448]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2448]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2448]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2448]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2448]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2448]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2904]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [mssrch.dll]
[2904]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[2904]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[3252]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[4068]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[4068]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[4068]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[4068]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[4068]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[4068]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[4068]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
dearlymom
Regular Member
 
Posts: 30
Joined: April 3rd, 2006, 7:55 pm

Re: HiJack This Log

Post by dearlymom » September 15th, 2010, 10:41 pm

info.txt logfile of random's system information tool 1.08 2010-09-15 11:20:06

======Uninstall list======

-->MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.3.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
AVIConverter 3.0-->C:\Program Files\AVIConverter\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty - United Offensive-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities Original Data Security Tools-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities WFT-E1/E2/E3 Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\WFT Utility\Uninst.ini"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Cheat Engine 5.5-->"C:\Program Files\Atari\Cheat Engine\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
Deer Hunter 5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 5\Uninst.isu"
Delta Force - Black Hawk Down-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FE54D21-8254-4CCF-AEE0-066496AE43F4}\setup.exe" -l0x9 -uninst
Disney Pirates of the Caribbean Online-->C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
eXplorist Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92A40DC2-0ECD-4602-A79E-1DC53545C6EE}\setup.exe" -l0x9
Frogger v3.0e-->C:\WINDOWS\SCEEunin.exe C:\WINDOWS\Froggersetup.ini
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GRLevel3 version 1.22-->"C:\Program Files\GRLevelX\GRLevel3\unins000.exe"
GTK+ 1.3.0-20030619 runtime environment-->C:\WINDOWS\unins000.exe
H&R Block Minnesota 2009-->MsiExec.exe /X{E9A7FC2C-D719-4897-8018-44B0A8ACEC73}
H&R Block Premium + Efile + State 2009-->MsiExec.exe /X{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Homeschool Tracker Plus-->MsiExec.exe /I{130C6760-F4A8-46B8-8E41-82A3C2280D6A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_3096917\Setup.exe /APR-REMOVE
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logical Journey of the Zoombinis-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Zoombi32\DeIsL1.isu"
Magellan Communicator-->"C:\Program Files\InstallShield Installation Information\{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}\setup.exe" -runfromtemp -l0x0409 -removeonly
Magellan Communicator-->MsiExec.exe /X{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveX Control Pad-->C:\Program Files\ActiveX Control Pad\Setup\Remove.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo-->"C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Streets and Trips 2005 with USB GPS-->MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.6.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.1.3)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Python 2.2 pygame-1.5.6-->"C:\Python\Removepygame.exe" -u "C:\Python\pygame-wininst.log"
Python 2.2.3-->C:\Python\UNWISE.EXE C:\Python\INSTALL.LOG
QuickBooks Pro 2008-->msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2008" ADDREMOVE=1
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RangeBooster G WUA-2340-->C:\Program Files\InstallShield Installation Information\{188CEE76-0503-4910-A845-E1DC45685DA0}\setup.exe -runfromtemp -l0x0009 -removeonly
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
dearlymom
Regular Member
 
Posts: 30
Joined: April 3rd, 2006, 7:55 pm

Re: HiJack This Log

Unread postby dearlymom » September 15th, 2010, 10:43 pm

Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spotter Network Client-->C:\PROGRA~1\SPOTTE~1\UNWISE.EXE C:\PROGRA~1\SPOTTE~1\INSTALL.LOG
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB2.0 PC Camera (SN9C201&202)-->C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x0009 -removeonly -u
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: EOC
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 53
Source Name: Ftdisk
Time Written: 20100708101233.000000-300
Event Type: error
User:

Computer Name: EOC
Event Code: 49

Re: HiJack This Log

Unread postby dearlymom » September 15th, 2010, 10:49 pm

I cannot seem to get the rest of the log to post or the other one either. It keeps telling me the service was reset. As you can see I tried breaking it down into smaller chunks, but it does not seem to like the last part of the log. I have not tried breaking the other one into smaller chunks.

Kim

Re: HiJack This Log

Unread postby Cypher » September 16th, 2010, 5:21 am

Hi dearlymom.
OK, we need to take a different approach.

MBRCheck

  • Please download MBRCheck.exe and save it to your desktop.
  • Double click on MBRCheck.exe to run it.
  • A window similar to this should open on your desktop:

Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJack This Log

Unread postby dearlymom » September 16th, 2010, 8:46 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBADA8000 \WINDOWS\system32\KDCOM.DLL
0xBACB8000 \WINDOWS\system32\BOOTVID.dll
0xBA779000 ACPI.sys
0xBADAA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xBA768000 pci.sys
0xBA8A8000 isapnp.sys
0xBAE70000 pciide.sys
0xBAB28000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA8B8000 MountMgr.sys
0xBA749000 ftdisk.sys
0xBADAC000 dmload.sys
0xBA723000 dmio.sys
0xBAB30000 PartMgr.sys
0xBA8C8000 VolSnap.sys
0xBA70B000 atapi.sys
0xBA8D8000 disk.sys
0xBA8E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xBA6EB000 fltmgr.sys
0xBA6D9000 sr.sys
0xBA6C2000 KSecDD.sys
0xBA6AF000 WudfPf.sys
0xBA622000 Ntfs.sys
0xBA5F5000 NDIS.sys
0xBA5DB000 Mup.sys
0xBA8F8000 avgrkx86.sys
0xBA908000 AVGIDSxx.sys
0xBA9F8000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xBAA08000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xBAC28000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBAC30000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB9A9F000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBAC38000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB9A69000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB9A46000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9948000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB989C000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBAC40000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9874000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
0xBAA18000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB978A000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xBAA28000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBAA38000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBAA48000 \SystemRoot\System32\DRIVERS\redbook.sys
0xBAC50000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB91B0000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB919C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBAC60000 \SystemRoot\system32\DRIVERS\avgfwdx.sys
0xBAA58000 \SystemRoot\system32\DRIVERS\jswscimd.sys
0xBAF29000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBAA68000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBAD88000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB9185000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBAA78000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBAA88000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xBAC68000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB9174000 \SystemRoot\System32\DRIVERS\psched.sys
0xBAA98000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBAC70000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBAC78000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB9144000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBAAA8000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBAC80000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBADF4000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB90E6000 \SystemRoot\System32\DRIVERS\update.sys
0xBA5B7000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBAAC8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBAAD8000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBAE06000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBAAE8000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB6318000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB62F4000 \SystemRoot\system32\drivers\portcls.sys
0xBAAF8000 \SystemRoot\system32\drivers\drmk.sys
0xBAE0E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBAEAB000 \SystemRoot\System32\Drivers\Null.SYS
0xBAE10000 \SystemRoot\System32\Drivers\Beep.SYS
0xBAB78000 \SystemRoot\System32\drivers\vga.sys
0xBAE12000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBAE14000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBAB80000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAB88000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBAD50000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB6299000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB6240000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB6206000 \SystemRoot\System32\Drivers\avgtdix.sys
0xB5EC4000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB9C67000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xBAD64000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB9C57000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xBAB90000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xBAB98000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB5DD4000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB5DB2000 \SystemRoot\System32\drivers\afd.sys
0xBABB8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBAD78000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB9C37000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB5C7D000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB5C0D000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB9C17000 \SystemRoot\System32\Drivers\Fips.SYS
0xB3661000 \SystemRoot\system32\DRIVERS\snp2sxp.sys
0xBA9C8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xBAB60000 \SystemRoot\system32\DRIVERS\SNCAMD.SYS
0xBAB68000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xB362D000 \SystemRoot\System32\Drivers\avgldx86.sys
0xBA9D8000 \SystemRoot\system32\drivers\usbaudio.sys
0xBAAB8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB41D9000 \SystemRoot\System32\drivers\Dxapi.sys
0xBAC88000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xBAFC2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBAB70000 \SystemRoot\System32\DRIVERS\AegisP.sys
0xB2F08000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xBA948000 \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys
0xB2E6C000 \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys
0xB2B84000 \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys
0xB2A3F000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB2A06000 \SystemRoot\System32\Drivers\adfs.SYS
0xB42EE000 \??\C:\WINDOWS\system32\ANIO.SYS
0xB272F000 \SystemRoot\System32\DRIVERS\srv.sys
0xB287A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xBAC90000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB24DC000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB22BF000 \SystemRoot\system32\drivers\wdmaud.sys
0xB23B4000 \SystemRoot\system32\drivers\sysaudio.sys
0xB1F5E000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 58):
0 System Idle Process
4 System
1036 C:\WINDOWS\system32\smss.exe
1156 csrss.exe
1180 C:\WINDOWS\system32\winlogon.exe
1228 C:\WINDOWS\system32\services.exe
1240 C:\WINDOWS\system32\lsass.exe
1412 C:\WINDOWS\system32\svchost.exe
1472 svchost.exe
1628 C:\WINDOWS\system32\svchost.exe
1680 C:\WINDOWS\system32\svchost.exe
1732 C:\Program Files\AVG\AVG9\avgchsvx.exe
1740 C:\Program Files\AVG\AVG9\avgrsx.exe
1856 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1908 svchost.exe
124 svchost.exe
724 C:\WINDOWS\system32\spoolsv.exe
1320 svchost.exe
1284 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1548 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1568 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1608 C:\Program Files\AVG\AVG9\avgfws9.exe
1896 C:\Program Files\Bonjour\mDNSResponder.exe
352 C:\Program Files\AVG\AVG9\avgnsx.exe
1080 C:\Program Files\Java\jre6\bin\jqs.exe
2264 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2396 C:\WINDOWS\system32\nvsvc32.exe
2440 C:\WINDOWS\system32\PnkBstrA.exe
2476 C:\WINDOWS\system32\PnkBstrB.exe
2620 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
2896 C:\WINDOWS\system32\svchost.exe
3012 C:\WINDOWS\system32\searchindexer.exe
3640 alg.exe
3468 C:\WINDOWS\explorer.exe
3764 C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
3772 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
3820 C:\WINDOWS\RTHDCPL.EXE
756 C:\WINDOWS\system32\rundll32.exe
2816 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1388 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3944 C:\Program Files\iTunes\iTunesHelper.exe
3980 C:\PROGRA~1\AVG\AVG9\avgtray.exe
1528 C:\WINDOWS\vsnp2std.exe
1960 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1984 C:\WINDOWS\system32\ctfmon.exe
2060 C:\Program Files\Skype\Phone\Skype.exe
1712 C:\Program Files\Pando Networks\Media Booster\PMB.exe
2196 C:\WINDOWS\system32\svchost.exe
2204 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
3964 C:\Documents and Settings\Kim Diers\Application Data\Dropbox\bin\Dropbox.exe
1592 C:\Program Files\SpotterNetwork\spotternetwork.exe
2948 C:\Program Files\iPod\bin\iPodService.exe
780 C:\Program Files\Skype\Plugin Manager\skypePM.exe
2572 C:\Program Files\Mozilla Firefox\firefox.exe
2684 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
5908 C:\WINDOWS\system32\searchprotocolhost.exe
5928 searchfilterhost.exe
4156 C:\Documents and Settings\Kim Diers\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAJS-65B4A0, Rev: 01.03A01

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Re: HiJack This Log

Unread postby dearlymom » September 16th, 2010, 8:47 am

Why wasn't I able to post the other logs?

Re: HiJack This Log

Unread postby Cypher » September 16th, 2010, 11:20 am

Hi dearlymom.
"Why wasn't I able to post the other logs?"

There could be a few reasons for that, most likely the malware you have on board.
Please continue with the instructions below.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.

Next.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A setup window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper




Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJack This Log

by dearlymom » September 16th, 2010, 4:40 pm

ComboFix 10-09-15.03 - Kim Diers 09/16/2010 11:25:44.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1417 [GMT -5:00]
Running from: c:\documents and settings\Kim Diers\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kim Diers\Recent\Thumbs.db
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
C:\Thumbs.db

Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.

2010-09-16 15:47 . 2010-09-16 15:48 -------- d-----w- c:\program files\ERUNT
2010-09-15 16:19 . 2010-09-15 16:20 -------- d-----w- C:\rsit
2010-09-15 15:45 . 2010-09-15 15:45 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Malwarebytes
2010-09-15 15:45 . 2010-09-15 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 15:45 . 2010-09-15 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 15:45 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 15:45 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 13:32 . 2010-09-16 13:06 -------- d-----w- c:\documents and settings\Kim Diers\Local Settings\Application Data\PMB Files
2010-09-11 13:32 . 2010-09-11 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-09-11 13:31 . 2010-09-11 13:31 -------- d-----w- c:\program files\Pando Networks
2010-09-06 13:49 . 2010-09-06 13:49 388096 ----a-r- c:\documents and settings\Kim Diers\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-06 13:49 . 2010-09-15 16:20 -------- d-----w- c:\program files\Trend Micro
2010-08-25 19:34 . 2010-08-25 19:34 -------- d-----w- c:\program files\KingsIsle Entertainment
2010-08-19 03:47 . 2010-08-19 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-19 03:41 . 2010-08-19 03:41 -------- d-----w- c:\documents and settings\Kim Diers\Local Settings\Application Data\Blizzard Entertainment
2010-08-19 03:35 . 2010-08-19 03:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-19 03:35 . 2010-09-01 17:51 -------- d-----w- c:\program files\World of Warcraft Trial
2010-08-18 03:03 . 2010-08-18 03:03 -------- d-----w- c:\program files\Disney

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 16:24 . 2009-09-09 03:59 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-09-16 16:23 . 2009-12-30 16:18 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Skype
2010-09-16 15:07 . 2009-12-20 05:05 0 -c--a-w- c:\documents and settings\Kim Diers\Local Settings\Application Data\prvlcl.dat
2010-09-16 13:07 . 2009-12-30 16:21 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\skypePM
2010-09-16 12:37 . 2009-10-19 00:50 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Dropbox
2010-09-16 12:37 . 2009-08-13 07:13 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\SpotterNetwork
2010-09-15 14:33 . 2009-08-13 07:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-15 14:33 . 2009-08-13 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-14 20:22 . 2009-09-09 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-09-14 20:21 . 2009-08-13 04:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-11 20:30 . 2009-10-03 18:27 7979 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2010-09-09 04:04 . 2009-08-22 03:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-08 22:15 . 2010-04-07 20:01 -------- d-----w- c:\program files\Missionary TECH Team
2010-09-06 21:01 . 2009-08-13 06:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-06 20:59 . 2009-08-13 05:15 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\GRLevel3
2010-09-06 14:04 . 2009-08-19 02:37 -------- d-s---w- c:\program files\Xfire
2010-08-16 14:45 . 2010-08-16 14:45 -------- d-----w- c:\program files\Common Files\Java
2010-08-16 14:44 . 2009-09-09 02:45 -------- d-----w- c:\program files\Java
2010-08-16 02:09 . 2010-08-16 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-08-16 02:07 . 2010-08-16 02:05 -------- d-----w- c:\program files\World of Warcraft Installer
2010-08-16 01:45 . 2010-08-16 01:45 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\SiteRanker
2010-08-04 14:02 . 2010-08-04 14:02 348160 ----a-w- c:\documents and settings\Kim Diers\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-14cf7cd4-n\msvcr71.dll
2010-08-04 14:02 . 2010-08-04 14:02 503808 ----a-w- c:\documents and settings\Kim Diers\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-14cf7cd4-n\msvcp71.dll
2010-08-04 14:02 . 2010-08-04 14:02 499712 ----a-w- c:\documents and settings\Kim Diers\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-14cf7cd4-n\jmc.dll
2010-08-04 14:02 . 2010-08-04 14:02 61440 ----a-w- c:\documents and settings\Kim Diers\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1db58e45-n\decora-sse.dll
2010-08-04 14:02 . 2010-08-04 14:02 12800 ----a-w- c:\documents and settings\Kim Diers\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1db58e45-n\decora-d3d.dll
2010-07-30 22:42 . 2009-08-13 07:07 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Apple Computer
2010-07-27 14:50 . 2010-07-27 14:50 1206816 ----a-w- c:\windows\RtlUpd.exe
2010-07-26 16:55 . 2010-03-28 16:40 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Guob
2010-07-26 04:04 . 2009-10-03 13:10 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Suoc
2010-07-21 02:14 . 2010-07-21 02:14 -------- d-----w- c:\program files\Xenocode
2010-07-17 10:00 . 2010-08-16 14:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 22:54 . 2009-08-13 07:39 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 22:54 . 2010-07-16 22:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 22:54 . 2009-12-01 05:17 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-16 22:53 . 2009-08-13 07:39 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 15:57 . 2009-08-13 05:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-29 15:26 . 2010-03-07 13:19 439816 ----a-w- c:\documents and settings\Kim Diers\Application Data\Real\Update\setup3.10\setup.exe
2010-06-18 19:42 . 2010-07-30 02:33 229376 ----a-w- c:\documents and settings\Kim Diers\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\extensions\runtime@panda3d.org\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Kim Diers\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Kim Diers\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Kim Diers\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-11 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-23 611712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-27 198160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Kim Diers\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Kim Diers\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Spotter Network (2).lnk - c:\program files\SpotterNetwork\spotternetwork.exe [2009-8-13 31199232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 22:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Kim Diers\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58908:TCP"= 58908:TCP:Pando Media Booster
"58908:UDP"= 58908:UDP:Pando Media Booster

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [12/1/2009 12:17 AM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/1/2009 12:17 AM 52872]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/13/2009 2:39 AM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/13/2009 2:39 AM 243024]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 5:54 PM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/16/2010 5:53 PM 2331032]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/1/2009 12:16 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [12/1/2009 12:16 AM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [12/1/2009 12:16 AM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [12/1/2009 12:16 AM 26192]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [8/12/2009 11:09 PM 57440]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/16/2010 5:53 PM 5897808]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [8/12/2009 11:09 PM 386784]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [10/29/2009 7:30 PM 29184]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/1/2009 12:16 AM 30104]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/11/2009 3:26 PM 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [8/12/2009 11:09 PM 356434]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\Mozilla Firefox.job
- c:\progra~1\MOZILL~1\firefox.exe [2009-08-30 14:08]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{9FB232C5-6909-4F81-99B4-BAB4998940F2}
FF - ProfilePath - c:\documents and settings\Kim Diers\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.isantiskywarn.org/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Kim Diers\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Kim Diers\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Kim Diers\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\extensions\runtime@panda3d.org\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Magellan\npMgnPlg.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-tsnp2std - c:\windows\tsnp2std.exe
AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 11:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1180)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-09-16 11:37:37
ComboFix-quarantined-files.txt 2010-09-16 16:37

Pre-Run: 229,324,431,360 bytes free
Post-Run: 229,948,604,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 6983CD762AA2D025E11883A4D9360B42

The tab pop-ups have stopped and clicking on links seems to be taking us to the right page again. Is there anything else that needs to be done?

Thank you

Kim
dearlymom
Regular Member
 
Posts: 30
Joined: April 3rd, 2006, 7:55 pm

Re: HiJack This Log

by Cypher » September 17th, 2010, 5:41 am

Hi dearlymom.
"The tab pop-ups have stopped and clicking on links seems to be taking us to the right page again. Is there anything else that needs to be done?"
Good news and yes we have more work to do so stay with me.

Uninstall PunkBuster
Please download PBSVC Setup Program. Save it to your desktop.
  1. Double click on pbsvc.exe to start it... then click Uninstall.
    Once that's finished...
  2. Click Start > Run and copy and paste the following into the open text box:
    cmd /c for %i in (A B K) do sc delete PnkBstr%i
  3. Click OK. A black box will flash very briefly, this is normal.
Let me know if you performed these steps successfully.

Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.

Next.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Driver::
    PnkBstrA
    PnkBstrB
    
    File::
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\windows\system32\drivers\PnkBstrK.sys
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=-
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"=- 
    "3389:TCP"=- 
    "58908:TCP"=- 
    "58908:UDP"=- 
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Next.

Post a New HJT Log
  • Start HijackThis.
  • If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  • From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
  • When completed...Notepad will open with the new "hijackthis.log" file contents.
  • Copy/paste the entire (hijackthis.log) file contents in your next reply.


Logs/Information to Post in your Next Reply

  • ComboFix log.
  • HijackThis log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
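
A way to review the CFScript from the post above before it is run, as an added example that is not part of the original thread and not ComboFix code: it parses the script's Driver::, File:: and Registry:: sections and looks each target up in an excerpt of the first ComboFix log, so the reviewer sees what every deletion removes and which targets the log never showed. The function names are hypothetical, the log excerpt is trimmed from the log on this page, and `=-` is read in its .reg-file sense (delete the value), which is an assumption about how the script is interpreted.

```python
import re
# CFScript exactly as posted in the reply above.
CFSCRIPT = r'''Driver::
PnkBstrA
PnkBstrB

File::
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\windows\system32\drivers\PnkBstrK.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=-
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"=-
"3389:TCP"=-
"58908:TCP"=-
"58908:UDP"=-
'''

# Lines trimmed from the first ComboFix log in this thread (an excerpt, not the full log).
LOG_EXCERPT = r'''[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58908:TCP"= 58908:TCP:Pando Media Booster
"58908:UDP"= 58908:UDP:Pando Media Booster

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 5:54 PM 308136]
'''

SECTION_RE = re.compile(r'^(\w+)::$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[[^\]]*\]$')

def unescape(name):  # undo .reg-style backslash escaping in a quoted value name
    return re.sub(r'\\(.)', r'\1', name)

def parse_cfscript(text):
    """Return {section: entries}; Registry entries are (key, value_name, data)."""
    sections, current, key = {}, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        head, regkey, val = SECTION_RE.match(line), KEY_RE.match(line), VALUE_RE.match(line)
        if head:
            current, key = head.group(1), None
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section header: %r" % line)
        elif current != "Registry":
            sections[current].append(line)
        elif regkey:
            key = regkey.group(1)
        elif val and key:
            sections[current].append((key, unescape(val.group(1)), val.group(2)))
        else:
            raise ValueError("unparsed Registry line: %r" % line)
    return sections

def parse_log(text):
    """Return ({(key, value_name): data}, {service_name: image_path}); names lowercased."""
    values, services, key = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        regkey, val, svc = KEY_RE.match(line), VALUE_RE.match(line), SERVICE_RE.match(line)
        if not line:
            key = None  # a blank line ends a registry block in the log
        elif regkey:
            key = regkey.group(1).lower()
        elif val and key:
            values[(key, unescape(val.group(1)).lower())] = val.group(2)
        elif svc:
            services[svc.group(1).lower()] = svc.group(2).lower()
    return values, services

def review(script_text, log_text):
    """Pair each Registry target with the log's data; list targets the log never shows."""
    script = parse_cfscript(script_text)
    values, services = parse_log(log_text)
    seen_paths = {name for _, name in values} | set(services.values())
    report = {"registry": [], "not_in_log": []}
    for key, name, data in script.get("Registry", []):
        shown = values.get((key.lower(), name.lower()))
        report["registry"].append((name, shown))
        if shown is None:
            report["not_in_log"].append(("Registry", name))
    for kind, seen in (("Driver", services), ("File", seen_paths)):
        for target in script.get(kind, []):
            if target.lower() not in seen:
                report["not_in_log"].append((kind, target))
    return report

if __name__ == "__main__":
    for row in sum(review(CFSCRIPT, LOG_EXCERPT).values(), []):
        print(row)
```

On this excerpt the report pairs `3389:TCP` with the log's `3389:TCP:@xpsp2res.dll,-22009` entry, and lists the two `Driver::` names and `PnkBstrK.sys` as targets the excerpt does not show.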

Re: HiJack This Log

by dearlymom » September 17th, 2010, 11:29 am

ComboFix 10-09-16.06 - Kim Diers 09/17/2010 10:02:23.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1206 [GMT -5:00]
Running from: c:\documents and settings\Kim Diers\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kim Diers\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\drivers\PnkBstrK.sys"
"c:\windows\system32\PnkBstrA.exe"
"c:\windows\system32\PnkBstrB.exe"
.

((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-17 14:46 . 2010-09-17 14:46 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-09-17 13:07 . 2010-09-17 13:07 5133576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\Components\DownloadQB18\FViewer\.update\.target\printeng.dll
2010-09-17 12:50 . 2010-09-17 12:50 1389832 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\Components\DownloadQB18\Payroll\.update\.target\rules.resources.dll
2010-09-16 18:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-16 17:50 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-16 15:47 . 2010-09-16 15:48 -------- d-----w- c:\program files\ERUNT
2010-09-15 16:19 . 2010-09-15 16:20 -------- d-----w- C:\rsit
2010-09-15 15:45 . 2010-09-15 15:45 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Malwarebytes
2010-09-15 15:45 . 2010-09-15 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 15:45 . 2010-09-15 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 15:45 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 15:45 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 13:32 . 2010-09-17 13:11 -------- d-----w- c:\documents and settings\Kim Diers\Local Settings\Application Data\PMB Files
2010-09-11 13:32 . 2010-09-11 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-09-11 13:31 . 2010-09-11 13:31 -------- d-----w- c:\program files\Pando Networks
2010-09-06 13:49 . 2010-09-06 13:49 388096 ----a-r- c:\documents and settings\Kim Diers\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-06 13:49 . 2010-09-15 16:20 -------- d-----w- c:\program files\Trend Micro
2010-08-25 19:34 . 2010-08-25 19:34 -------- d-----w- c:\program files\KingsIsle Entertainment
2010-08-19 03:47 . 2010-08-19 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-19 03:41 . 2010-08-19 03:41 -------- d-----w- c:\documents and settings\Kim Diers\Local Settings\Application Data\Blizzard Entertainment
2010-08-19 03:35 . 2010-08-19 03:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-19 03:35 . 2010-09-01 17:51 -------- d-----w- c:\program files\World of Warcraft Trial

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 14:41 . 2009-12-30 16:18 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Skype
2010-09-17 13:34 . 2009-12-20 05:05 0 -c--a-w- c:\documents and settings\Kim Diers\Local Settings\Application Data\prvlcl.dat
2010-09-17 13:01 . 2009-12-30 16:21 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\skypePM
2010-09-17 12:44 . 2009-08-22 03:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-17 12:42 . 2009-08-13 07:13 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\SpotterNetwork
2010-09-17 12:41 . 2009-10-19 00:50 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Dropbox
2010-09-17 12:31 . 2009-09-09 03:59 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-09-17 12:31 . 2010-01-31 20:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-15 14:33 . 2009-08-13 07:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-15 14:33 . 2009-08-13 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-14 20:22 . 2009-09-09 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-09-14 20:21 . 2009-08-13 04:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-11 20:30 . 2009-10-03 18:27 7979 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2010-09-08 22:15 . 2010-04-07 20:01 -------- d-----w- c:\program files\Missionary TECH Team
2010-09-06 21:01 . 2009-08-13 06:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-06 20:59 . 2009-08-13 05:15 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\GRLevel3
2010-09-06 14:04 . 2009-08-19 02:37 -------- d-s---w- c:\program files\Xfire
2010-08-18 03:03 . 2010-08-18 03:03 -------- d-----w- c:\program files\Disney
2010-08-17 13:17 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 14:45 . 2010-08-16 14:45 -------- d-----w- c:\program files\Common Files\Java
2010-08-16 14:44 . 2009-09-09 02:45 -------- d-----w- c:\program files\Java
2010-08-16 02:09 . 2010-08-16 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-08-16 02:07 . 2010-08-16 02:05 -------- d-----w- c:\program files\World of Warcraft Installer
2010-08-16 01:45 . 2010-08-16 01:45 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\SiteRanker
2010-08-04 14:02 . 2010-08-04 14:02 348160 ----a-w- c:\documents and settings\Kim Diers\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-14cf7cd4-n\msvcr71.dll
2010-08-04 14:02 . 2010-08-04 14:02 503808 ----a-w- c:\documents and settings\Kim Diers\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-14cf7cd4-n\msvcp71.dll
2010-08-04 14:02 . 2010-08-04 14:02 499712 ----a-w- c:\documents and settings\Kim Diers\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-14cf7cd4-n\jmc.dll
2010-08-04 14:02 . 2010-08-04 14:02 61440 ----a-w- c:\documents and settings\Kim Diers\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1db58e45-n\decora-sse.dll
2010-08-04 14:02 . 2010-08-04 14:02 12800 ----a-w- c:\documents and settings\Kim Diers\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1db58e45-n\decora-d3d.dll
2010-07-30 22:42 . 2009-08-13 07:07 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Apple Computer
2010-07-27 14:50 . 2010-07-27 14:50 1206816 ----a-w- c:\windows\RtlUpd.exe
2010-07-26 16:55 . 2010-03-28 16:40 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Guob
2010-07-26 04:04 . 2009-10-03 13:10 -------- d-----w- c:\documents and settings\Kim Diers\Application Data\Suoc
2010-07-22 15:49 . 2003-03-31 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-08-13 04:34 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-21 02:14 . 2010-07-21 02:14 -------- d-----w- c:\program files\Xenocode
2010-07-17 10:00 . 2010-08-16 14:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 22:54 . 2009-08-13 07:39 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 22:54 . 2010-07-16 22:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 22:54 . 2009-12-01 05:17 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-16 22:53 . 2009-08-13 07:39 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 15:57 . 2009-08-13 05:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 12:31 . 2003-03-31 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 15:26 . 2010-03-07 13:19 439816 ----a-w- c:\documents and settings\Kim Diers\Application Data\Real\Update\setup3.10\setup.exe
2010-06-24 12:22 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-03-31 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-03-31 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-16_16.35.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-17 12:31 . 2010-09-17 12:31 16384 c:\windows\Temp\Perflib_Perfdata_7e4.dat
- 2009-08-13 03:56 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2009-08-13 03:56 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2010-03-31 05:16 . 2010-03-31 05:16 99176 c:\windows\system32\PresentationHostProxy.dll
- 2003-03-31 12:00 . 2010-06-14 03:52 78958 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2010-09-17 05:54 78958 c:\windows\system32\perfc009.dat
+ 2009-11-07 06:07 . 2009-11-07 06:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2009-03-08 09:31 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
- 2003-03-31 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2003-03-31 12:00 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
+ 2003-03-31 12:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
- 2003-03-31 12:00 . 2008-04-14 10:41 80384 c:\windows\system32\iccvid.dll
+ 2009-08-13 06:20 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-08-13 06:20 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2009-08-13 06:20 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-08-13 06:20 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 09:33 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 09:33 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2003-03-31 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 16:42 . 2010-04-01 16:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 20:32 . 2010-03-31 20:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-08-23 20:43 . 2010-09-17 06:00 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-08-23 20:43 . 2010-05-13 04:21 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-08-23 20:43 . 2010-05-13 04:21 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-08-23 20:43 . 2010-09-17 06:00 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-08-23 20:43 . 2010-09-17 06:00 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-08-23 20:43 . 2010-05-13 04:21 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-08-23 20:43 . 2010-09-17 06:00 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-08-23 20:43 . 2010-05-13 04:21 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-09-17 05:57 . 2010-09-17 05:57 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-01 03:22 . 2010-06-01 03:22 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-09-17 05:50 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-09-17 05:50 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-09-17 05:50 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_a1f852cc\System.Drawing.Design.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9b29b829\CustomMarshalers.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-09-17 05:56 . 2010-09-17 05:56 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-09-17 05:55 . 2010-09-17 05:55 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f5ff3e17f6e213811a108110f7b74ce0\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\671fd43afa00654c9a8c2b9587a08eca\Microsoft.PowerShell.Security.resources.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\34fba6455956a34ed45c4fc20743d5c4\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\19ca3a2c95ca0893c952d37e74c039ad\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-09-17 12:36 . 2010-09-17 12:36 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-13 06:23 . 2009-08-13 06:23 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-09-17 05:44 . 2010-09-17 05:44 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-08-23 20:43 . 2010-09-17 06:00 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-08-23 20:43 . 2010-05-13 04:21 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-09-17 05:54 . 2010-09-17 05:54 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2003-03-31 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2003-03-31 12:00 . 2008-04-14 10:42 293376 c:\windows\system32\winsrv.dll
+ 2003-03-31 12:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2003-03-31 12:00 . 2008-04-14 10:42 406016 c:\windows\system32\usp10.dll
+ 2010-03-31 05:10 . 2010-03-31 05:10 295264 c:\windows\system32\PresentationHost.exe
- 2003-03-31 12:00 . 2010-06-14 03:52 465072 c:\windows\system32\perfh009.dat
+ 2003-03-31 12:00 . 2010-09-17 05:54 465072 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
+ 2003-03-31 12:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
+ 2003-03-31 12:00 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
- 2003-03-31 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 09:32 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 297808 c:\windows\system32\mscoree.dll
+ 2006-10-19 02:47 . 2010-03-30 17:24 317440 c:\windows\system32\mp4sdecd.dll
- 2006-10-19 02:47 . 2006-10-19 02:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2009-08-11 20:14 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
- 2003-03-31 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2003-03-31 12:00 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
- 2003-03-31 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2003-03-31 12:00 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
+ 2003-03-31 12:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
- 2003-03-31 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
- 2009-06-26 16:50 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-06-26 16:50 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2009-08-13 04:32 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-03-08 09:34 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 09:34 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 09:32 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 09:32 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-08-13 06:20 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-03-30 17:24 . 2010-03-30 17:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2009-08-13 04:20 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-08-13 06:20 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-08-13 06:20 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 09:31 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 09:31 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 19:09 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 19:09 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 09:32 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 09:32 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
- 2003-03-31 12:00 . 2008-04-14 10:39 285696 c:\windows\system32\atmfd.dll
+ 2003-03-31 12:00 . 2010-04-20 05:30 285696 c:\windows\system32\atmfd.dll
- 2009-08-11 20:14 . 2008-04-14 10:42 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
+ 2009-08-11 20:14 . 2010-06-14 14:31 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
+ 2010-03-31 05:16 . 2010-03-31 05:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 17:22 . 2010-02-09 17:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 19:49 . 2010-03-31 19:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\2d817e0.msp
+ 2009-08-23 20:43 . 2010-09-17 06:00 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-08-23 20:43 . 2010-05-13 04:21 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-08-23 20:43 . 2010-05-13 04:21 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-08-23 20:43 . 2010-09-17 06:00 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-08-23 20:43 . 2010-05-13 04:21 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-08-23 20:43 . 2010-09-17 06:00 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-08-23 20:43 . 2010-09-17 06:00 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-08-23 20:43 . 2010-05-13 04:21 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-08-23 20:43 . 2010-09-17 06:00 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-08-23 20:43 . 2010-05-13 04:21 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-09-17 05:50 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-09-17 05:50 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-09-17 05:50 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-09-17 05:50 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-09-17 05:50 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-09-17 05:50 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-09-17 05:50 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-09-17 05:50 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-09-17 05:50 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-09-17 05:50 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-09-17 05:50 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2010-09-17 05:58 . 2010-09-17 05:58 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4c7db830\System.Drawing.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_592a1c47\System.Drawing.Design.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_147caa1c\CustomMarshalers.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-09-17 06:00 . 2010-09-17 06:00 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-09-17 12:39 . 2010-09-17 12:39 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\1d66495fd7a23500f7f8262b200c9b8b\System.Management.Automation.resources.ni.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-09-17 12:36 . 2010-09-17 12:36 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-09-17 05:57 . 2010-09-17 05:57 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-09-17 05:57 . 2010-09-17 05:57 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-09-17 05:57 . 2010-09-17 05:57 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-09-17 05:57 . 2010-09-17 05:57 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-09-17 12:36 . 2010-09-17 12:36 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ddf0b43a5467013f826232fb4d059880\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c314791ced733fca0b01d97f87c1671b\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\95283aeaf043cf6550f525f7c2533344\Microsoft.PowerShell.Security.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\29b677e9d1a41f78bd85463edc26891e\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-09-17 12:36 . 2010-09-17 12:36 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-17 05:44 . 2010-09-17 05:44 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-09-17 05:44 . 2010-09-17 05:44 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-09-17 05:44 . 2010-09-17 05:44 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-08-13 06:23 . 2009-08-13 06:23 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2003-03-31 12:00 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
+ 2003-03-31 12:00 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll
+ 2003-03-31 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2003-03-31 12:00 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
- 2003-03-31 12:00 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2003-03-31 12:00 . 2010-04-28 02:25 2189952 c:\windows\system32\ntoskrnl.exe
- 2003-03-31 12:00 . 2010-02-17 14:10 2189952 c:\windows\system32\ntoskrnl.exe
- 2002-08-29 01:04 . 2010-02-16 13:25 2066816 c:\windows\system32\ntkrnlpa.exe
+ 2002-08-29 01:04 . 2010-04-27 13:05 2066816 c:\windows\system32\ntkrnlpa.exe
+ 2003-03-31 12:00 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
- 2003-03-31 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2003-03-31 12:00 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll
+ 2009-03-08 09:32 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
- 2009-08-11 11:49 . 2010-06-01 13:03 2046024 c:\windows\system32\FNTCACHE.DAT
+ 2009-08-11 11:49 . 2010-09-17 12:31 2046024 c:\windows\system32\FNTCACHE.DAT
+ 2003-03-31 12:00 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-04-17 12:26 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys
+ 2009-06-26 16:50 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
- 2009-06-03 19:09 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-06-03 19:09 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
- 2009-08-13 04:35 . 2010-02-17 14:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-08-13 04:35 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-08-13 04:35 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-08-13 04:35 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-08 00:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-08 00:02 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-08-13 04:35 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-08-13 04:35 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-08-13 04:22 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2009-08-13 04:22 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-07-18 16:05 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll
- 2010-03-10 21:25 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-10 21:25 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-08-13 06:20 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 06:06 . 2009-11-07 06:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-08-05 15:57 . 2010-08-05 15:57 4066304 c:\windows\Installer\2d818e5.msp
+ 2010-06-28 21:01 . 2010-06-28 21:01 7677952 c:\windows\Installer\2d818c4.msp
+ 2010-05-25 16:45 . 2010-05-25 16:45 8445440 c:\windows\Installer\2d818a0.msp
+ 2010-06-29 03:53 . 2010-06-29 03:53 6819840 c:\windows\Installer\2d8186e.msp
+ 2009-11-09 05:25 . 2009-11-09 05:25 1935360 c:\windows\Installer\2d81850.msp
+ 2010-08-20 18:50 . 2010-08-20 18:50 5518848 c:\windows\Installer\2d8182c.msp
+ 2010-08-04 20:12 . 2010-08-04 20:12 1004544 c:\windows\Installer\2d81813.msp
+ 2010-08-25 22:06 . 2010-08-25 22:06 6479360 c:\windows\Installer\2d8180c.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\2d817ec.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\2d817eb.msp
+ 2010-04-24 22:10 . 2010-04-24 22:10 8486400 c:\windows\Installer\2d817d9.msp
+ 2010-07-11 01:14 . 2010-07-11 01:14 2850816 c:\windows\Installer\2d817d1.msp
+ 2010-05-03 21:06 . 2010-05-03 21:06 5053952 c:\windows\Installer\2d817c9.msp
+ 2009-08-19 23:04 . 2009-08-19 23:04 4542296 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\WRD12CNV.DLL
+ 2010-09-17 05:50 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-09-17 05:50 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-09-17 05:50 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
- 2009-08-13 04:35 . 2010-02-17 14:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-08-13 04:35 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-08-13 04:35 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-08-13 04:35 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-08 00:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-08-13 04:35 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-08-13 04:35 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-09-17 05:58 . 2010-09-17 05:58 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_dc8a1b46\System.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_d1697c10\System.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_65676b55\System.Xml.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_21fdd466\System.Xml.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_954b73df\System.Windows.Forms.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_716b4b36\System.Windows.Forms.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e718d1d5\System.Drawing.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2d97a3f3\System.Design.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_1ea76069\System.Design.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7eca2892\mscorlib.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_13af4dde\mscorlib.dll
+ 2010-09-17 05:55 . 2010-09-17 05:55 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-09-17 05:55 . 2010-09-17 05:55 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-09-17 12:39 . 2010-09-17 12:39 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-09-17 12:39 . 2010-09-17 12:39 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\cf2f92b2b626f7e53e80146b17bd7bed\System.Management.Automation.ni.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-09-17 05:57 . 2010-09-17 05:57 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-09-17 05:57 . 2010-09-17 05:57 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-09-17 05:57 . 2010-09-17 05:57 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-09-17 05:57 . 2010-09-17 05:57 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-09-17 05:57 . 2010-09-17 05:57 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-09-17 05:55 . 2010-09-17 05:55 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-09-17 12:37 . 2010-09-17 12:37 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-09-17 05:55 . 2010-09-17 05:55 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-16 03:45 . 2009-10-16 03:45 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-09-17 05:44 . 2010-09-17 05:44 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-09-17 05:55 . 2010-09-17 05:55 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-10-16 03:44 . 2009-10-16 03:44 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-09-17 05:55 . 2010-09-17 05:55 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-08-13 06:23 . 2009-08-13 06:23 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-09-17 05:54 . 2010-09-17 05:54 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-16 03:40 . 2009-10-16 03:40 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-16 03:40 . 2009-10-16 03:40 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-13 04:49 . 2010-09-10 19:34 35552200 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2010-06-24 22:51 11077120 c:\windows\system32\ieframe.dll
+ 2009-08-13 06:20 . 2010-06-24 22:51 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-03 00:29 . 2010-04-03 00:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-05-11 16:30 . 2010-05-11 16:30 11194880 c:\windows\Installer\2d818b2.msp
+ 2010-04-02 17:30 . 2010-04-02 17:30 17456640 c:\windows\Installer\2d8188e.msp
+ 2010-04-24 22:09 . 2010-04-24 22:09 11750912 c:\windows\Installer\2d81876.msp
+ 2010-03-31 06:23 . 2010-03-31 06:23 15638528 c:\windows\Installer\2d8185c.msp
+ 2010-05-19 18:08 . 2010-05-19 18:08 11408896 c:\windows\Installer\2d81836.msp
+ 2010-09-17 05:45 . 2010-09-17 05:45 15710720 c:\windows\Installer\2d8181b.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\2d817fa.msp
+ 2009-08-17 22:39 . 2009-08-17 22:39 15119720 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\XL12CNV.EXE
+ 2009-08-17 21:40 . 2009-08-17 21:40 17309040 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\MSO.DLL
+ 2010-09-17 05:50 . 2010-02-25 16:54 11070976 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-09-17 05:59 . 2010-09-17 05:59 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-09-17 12:38 . 2010-09-17 12:38 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-09-17 12:36 . 2010-09-17 12:36 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ef67ec8c2cbadb84db79db3513cd25fa\System.ServiceModel.ni.dll
+ 2010-09-17 05:58 . 2010-09-17 05:58 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-09-17 05:57 . 2010-09-17 05:57 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-09-17 05:56 . 2010-09-17 05:56 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-09-17 05:53 . 2010-09-17 05:53 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Kim Diers\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Kim Diers\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Kim Diers\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-11 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-23 611712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-27 198160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Kim Diers\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Kim Diers\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Spotter Network (2).lnk - c:\program files\SpotterNetwork\spotternetwork.exe [2009-8-13 31199232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 22:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Kim Diers\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [12/1/2009 12:17 AM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/1/2009 12:17 AM 52872]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/13/2009 2:39 AM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/13/2009 2:39 AM 243024]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 5:54 PM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/16/2010 5:53 PM 2331032]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/1/2009 12:16 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [12/1/2009 12:16 AM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [12/1/2009 12:16 AM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [12/1/2009 12:16 AM 26192]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [8/12/2009 11:09 PM 57440]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/16/2010 5:53 PM 5897808]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [8/12/2009 11:09 PM 386784]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [10/29/2009 7:30 PM 29184]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/1/2009 12:16 AM 30104]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/11/2009 3:26 PM 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [8/12/2009 11:09 PM 356434]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\Mozilla Firefox.job
- c:\progra~1\MOZILL~1\firefox.exe [2009-08-30 16:39]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{9FB232C5-6909-4F81-99B4-BAB4998940F2}
FF - ProfilePath - c:\documents and settings\Kim Diers\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.isantiskywarn.org/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Kim Diers\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Kim Diers\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Kim Diers\Application Data\Mozilla\Firefox\Profiles\4lj5dpub.default\extensions\runtime@panda3d.org\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Magellan\npMgnPlg.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-17 10:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\KIMDIE~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1184)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2088)
c:\windows\system32\WININET.dll
c:\documents and settings\Kim Diers\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-17 10:09:52
ComboFix-quarantined-files.txt 2010-09-17 15:09
ComboFix2.txt 2010-09-16 16:37

Pre-Run: 228,201,033,728 bytes free
Post-Run: 228,233,650,176 bytes free

- - End Of File - - 46F0798C567781AE47C7D6AAD19C9007


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:29 AM, on 9/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Documents and Settings\Kim Diers\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\SpotterNetwork\spotternetwork.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Kim Diers\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Spotter Network (2).lnk = C:\Program Files\SpotterNetwork\spotternetwork.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9FB232C5-6909-4F81-99B4-BAB4998940F2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0136697256
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 9572 bytes


The computer seems to be running great. We have not run into any problems since the fix yesterday. Thank you for all your help.

Kim
dearlymom
Regular Member
 
Posts: 30
Joined: April 3rd, 2006, 7:55 pm

Re: HiJack This Log

Unread postby Cypher » September 17th, 2010, 11:44 am

Hi Kim.
Thank you for all your help.

You're most welcome.
OK, your logs look good, but we need to run one more scan to check for leftovers.

Fix HijackThis entries

Run HijackThis

  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan... button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked... button to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next.

Run ATF Cleaner again; it should still be on your desktop.

Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the below scan.

Next.

Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to Kaspersky Online Scan
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan. * This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.



Logs/Information to Post in your Next Reply

  • Kaspersky log.
  • Please give me one more update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJack This Log

Unread postby dearlymom » September 17th, 2010, 5:01 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 17, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 17, 2010 08:56:15
Records in database: 4215744
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 150366
Threats found: 33
Infected objects found: 84
Suspicious objects found: 0
Scan duration: 03:19:47


File name / Threat / Threats count
C:\Documents and Settings\Andrew\My Documents\Thunderbird\Mail\mail.diers.us\Inbox Infected: Worm.Win32.AutoRun.mfa 1
C:\Documents and Settings\Andrew\My Documents\Thunderbird\Mail\mail.diers.us\Inbox Infected: Worm.Win32.AutoRun.mhn 1
C:\Documents and Settings\Andrew\My Documents\Thunderbird\Mail\mail.diers.us\Inbox Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\Andrew\My Documents\Thunderbird\Mail\mail.diers.us\Inbox Infected: Worm.Win32.Downloader.vr 1
C:\Documents and Settings\Andrew\My Documents\Thunderbird\Mail\mail.diers.us\Junk Infected: Worm.Win32.AutoRun.mfa 1
C:\Documents and Settings\Andrew\My Documents\Thunderbird\Mail\mail.diers.us\Junk Infected: Worm.Win32.AutoRun.mhn 1
C:\Documents and Settings\Andrew\My Documents\Thunderbird\Mail\mail.diers.us\Junk Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\Andrew\My Documents\Thunderbird\Mail\mail.diers.us\Junk Infected: Worm.Win32.Downloader.vr 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan-Downloader.Win32.Agent.dnjy 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.VBKrypt.td 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.VBKrypt.xh 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Packed.Win32.Krap.an 2
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Worm.Win32.Mabezat.h 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.VBKrypt.zl 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Packed.Win32.Krap.hm 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Worm.Win32.VBNA.b 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.Genome.kfov 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.Genome.kfpf 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan-Downloader.HTML.Meta.h 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan-Downloader.JS.Small.on 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan-Downloader.Win32.Small.kop 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan-Dropper.Win32.HDrop.jo 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.Pakes.ogi 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan-Spy.Win32.Zbot.ammv 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.Regrun.hro 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.Regrun.hrp 3
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.Regrun.hrq 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.Regrun.hrw 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.Win32.Regrun.htj 3
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan-Downloader.HTML.Small.ao 2
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan-Downloader.JS.Agent.fnr 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.JS.Fraud.ap 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Inbox Infected: Trojan.JS.Redirector.ls 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan-Downloader.Win32.Genome.ahet 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan-Downloader.Win32.Agent.dnjy 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.VBKrypt.td 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.VBKrypt.xh 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Packed.Win32.Krap.an 2
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.VBKrypt.zl 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Packed.Win32.Krap.hm 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Worm.Win32.VBNA.b 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.Genome.kfov 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.Genome.kfpf 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan-Downloader.JS.Small.on 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan-Downloader.Win32.Small.kop 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan-Dropper.Win32.HDrop.jo 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.Pakes.ogi 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.Regrun.hrq 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.Regrun.hrw 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan-Spy.Win32.Zbot.ammv 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.Regrun.hro 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.Regrun.hrp 3
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.Win32.Regrun.htj 3
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan-Downloader.HTML.Small.ao 2
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan-Downloader.JS.Agent.fnr 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.JS.Fraud.ap 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers-1.us\Junk Infected: Trojan.JS.Redirector.ls 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers.us\Inbox Infected: Worm.Win32.AutoRun.mfa 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers.us\Inbox Infected: Worm.Win32.AutoRun.mhn 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers.us\Inbox Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers.us\Inbox Infected: Worm.Win32.Downloader.vr 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers.us\Junk Infected: Worm.Win32.AutoRun.mfa 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers.us\Junk Infected: Worm.Win32.AutoRun.mhn 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers.us\Junk Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\mail.diers.us\Junk Infected: Worm.Win32.Downloader.vr 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\pop.domains.lycos.com\Inbox Infected: Backdoor.Win32.EggDrop.afz 1
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default\Mail\pop.domains.lycos.com\Inbox Infected: Packed.Win32.Krap.an 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\1f28756c-5d3d8004 Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir Infected: Virus.Win32.TDSS.b 1
C:\System Volume Information\_restore{F6568380-575E-4276-AE80-CF3854D5A700}\RP50\A0008904.sys Infected: Virus.Win32.TDSS.b 1

Selected area has been scanned.

Everything seems to be working fine so far. Why did we uninstall Spybot and will we be reinstalling it?

Kim
dearlymom
Regular Member
 
Posts: 30
Joined: April 3rd, 2006, 7:55 pm

Re: HiJack This Log

Post by Cypher » September 18th, 2010, 5:42 am

Hi Kim.
Why did we uninstall Spybot and will we be reinstalling it?

I had you remove Spybot because it would have interfered with the tools we used to clean your PC.
You can reinstall it if you wish, I will be recommending some security applications for you to use.

Infected emails

What the Kaspersky scan found are stored emails in your Thunderbird account, unfortunately I cannot tell which one or ones it is.
What I need you to do is go through all of your emails in your Inbox box and junk box, and any other saved boxes you may have.
Please delete any that you don't want/need/recognize. Odds are that the infected email will have an attachment or at least a link.
Therefore, do not open any attachments or click on any links.

Can you tell me what the below folder is?
C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJack This Log

Post by dearlymom » September 18th, 2010, 9:59 am

C:\Documents and Settings\Kim Diers\My Documents\t9voer1c.default

My son just informed me that it is the e-mail file that we copied from an old computer.

Will all of this cleaning up also clean up all users on the computer or only the user that is logged in at the time? They have all been run under my user account and my settings are set as administrator.

Thank you for all your help.

Kim