ComboFix 08-04-22.1 - Debbie 2008-04-23 4:04:18.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1103 [GMT -5:00]
Running from: C:\Users\Debbie\Desktop\ComboFix.exe
Command switches used :: C:\Users\Debbie\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Users\Debbie\AppData\Local\Temp\rjdruxmm.dll
C:\Windows\System32\dwifqrlh.ini
C:\Windows\System32\fsosbxai.ini
C:\Windows\System32\jgqapjie.ini
C:\Windows\System32\mawbnhbd.ini
C:\Windows\System32\wlbglosp.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\dwifqrlh.ini
C:\Windows\System32\fsosbxai.ini
C:\Windows\System32\jgqapjie.ini
C:\Windows\System32\mawbnhbd.ini
C:\Windows\System32\wlbglosp.tmp
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-23 04:01 . 2008-04-23 04:02 752 --a------ C:\Users\Debbie\CFScript.txt
2008-04-22 11:00 . 2008-04-22 19:57 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{96910ef5-0fe9-11dd-9471-001bfc41104b}.TMContainer00000000000000000002.regtrans-ms
2008-04-22 11:00 . 2008-04-22 19:57 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{96910ef5-0fe9-11dd-9471-001bfc41104b}.TMContainer00000000000000000001.regtrans-ms
2008-04-22 11:00 . 2008-04-22 19:57 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{96910ef7-0fe9-11dd-9471-001bfc41104b}.TMContainer00000000000000000002.regtrans-ms
2008-04-22 11:00 . 2008-04-22 19:57 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{96910ef7-0fe9-11dd-9471-001bfc41104b}.TMContainer00000000000000000001.regtrans-ms
2008-04-22 11:00 . 2008-04-22 19:57 524,288 --ahs---- C:\Users\Debbie\ntuser.dat{96910ef9-0fe9-11dd-9471-001bfc41104b}.TMContainer00000000000000000002.regtrans-ms
2008-04-22 11:00 . 2008-04-22 19:57 524,288 --ahs---- C:\Users\Debbie\ntuser.dat{96910ef9-0fe9-11dd-9471-001bfc41104b}.TMContainer00000000000000000001.regtrans-ms
2008-04-22 11:00 . 2008-04-22 19:57 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{96910ef5-0fe9-11dd-9471-001bfc41104b}.TM.blf
2008-04-22 11:00 . 2008-04-22 19:57 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{96910ef7-0fe9-11dd-9471-001bfc41104b}.TM.blf
2008-04-22 11:00 . 2008-04-22 19:57 65,536 --ahs---- C:\Users\Debbie\ntuser.dat{96910ef9-0fe9-11dd-9471-001bfc41104b}.TM.blf
2008-04-22 10:57 . 2008-04-22 10:57 262,144 --ah----- C:\Users\Debbie\ntuser.dat_TU_64095.LOG1
2008-04-22 10:57 . 2008-04-22 10:57 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT_TU_47842.LOG2
2008-04-22 10:57 . 2008-04-22 10:57 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT_TU_47842.LOG1
2008-04-22 10:57 . 2008-04-22 10:57 0 --ah----- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT_TU_36288.LOG2
2008-04-22 10:57 . 2008-04-22 10:57 0 --ah----- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT_TU_36288.LOG1
2008-04-22 10:57 . 2008-04-22 10:57 0 --ah----- C:\Users\Debbie\ntuser.dat_TU_64095.LOG2
2008-04-22 09:36 . 2008-04-22 09:36 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-22 09:36 . 2008-04-22 09:36 1,409 --a------ C:\Windows\QTFont.for
2008-04-22 03:24 . 2008-04-22 03:24 <DIR> d-------- C:\Users\All Users\Astar Games
2008-04-22 03:24 . 2008-04-22 03:24 <DIR> d-------- C:\ProgramData\Astar Games
2008-04-22 00:57 . 2008-04-22 03:44 <DIR> d-------- C:\Program Files\Abundante
2008-04-22 00:56 . 2008-04-22 03:44 <DIR> d-------- C:\Program Files\Ice Cream Mania
2008-04-21 14:37 . 2008-04-21 14:37 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-20 07:11 . 2008-04-20 07:11 <DIR> d-------- C:\Windows\Web
2008-04-19 10:03 . 2008-04-19 10:03 <DIR> d-------- C:\Users\Debbie\AppData\Roaming\MusicNet
2008-04-19 01:07 . 2008-04-19 01:07 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-04-19 01:07 . 2008-04-19 01:07 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-04-19 00:52 . 2008-04-19 00:52 0 --ah----- C:\Users\Default\ntuser.dat.LOG2
2008-04-19 00:52 . 2008-04-19 00:52 0 --ah----- C:\Users\All Users\ntuser.dat.LOG2
2008-04-19 00:52 . 2008-04-19 00:52 0 --ah----- C:\ProgramData\ntuser.dat.LOG2
2008-04-19 00:51 . 2008-04-19 00:51 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-19 00:51 . 2004-12-03 13:23 344,064 --a------ C:\Windows\System32\msvcr70.dll
2008-04-19 00:11 . 2008-04-19 02:41 <DIR> d-------- C:\Program Files\iPod
2008-04-18 20:14 . 2008-04-18 20:14 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-04-18 20:10 . 2008-04-18 20:10 <DIR> d-------- C:\Users\All Users\Avira
2008-04-18 20:10 . 2008-04-18 20:10 <DIR> d-------- C:\ProgramData\Avira
2008-04-18 20:10 . 2008-04-18 20:10 <DIR> d-------- C:\Program Files\Avira
2008-04-18 15:48 . 2008-04-18 15:48 <DIR> d-------- C:\Windows\Profiles
2008-04-18 02:22 . 2008-04-18 02:22 73 --a------ C:\Windows\EurekaLog.ini
2008-04-18 02:17 . 2008-04-18 02:17 <DIR> d-------- C:\Users\Debbie\AppData\Roaming\URSoft
2008-04-18 01:00 . 2008-04-18 01:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-16 01:50 . 2008-04-16 12:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-16 01:21 . 2008-04-16 01:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-15 22:44 . 2008-04-15 22:44 <DIR> d-------- C:\Users\Debbie\AppData\Roaming\Runes of Avalon 2
2008-04-15 15:43 . 2008-04-16 01:57 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3936ef5b-0af4-11dd-83cc-001bfc41104b}.TMContainer00000000000000000002.regtrans-ms
2008-04-15 15:43 . 2008-04-22 10:58 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3936ef5b-0af4-11dd-83cc-001bfc41104b}.TMContainer00000000000000000001.regtrans-ms
2008-04-15 15:43 . 2008-04-16 01:57 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3936ef5d-0af4-11dd-83cc-001bfc41104b}.TMContainer00000000000000000002.regtrans-ms
2008-04-15 15:43 . 2008-04-22 10:58 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3936ef5d-0af4-11dd-83cc-001bfc41104b}.TMContainer00000000000000000001.regtrans-ms
2008-04-15 15:43 . 2008-04-16 01:57 524,288 --ahs---- C:\Users\Debbie\ntuser.dat{3936ef5f-0af4-11dd-83cc-001bfc41104b}.TMContainer00000000000000000002.regtrans-ms
2008-04-15 15:43 . 2008-04-22 10:58 524,288 --ahs---- C:\Users\Debbie\ntuser.dat{3936ef5f-0af4-11dd-83cc-001bfc41104b}.TMContainer00000000000000000001.regtrans-ms
2008-04-15 15:43 . 2008-04-22 10:58 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3936ef5b-0af4-11dd-83cc-001bfc41104b}.TM.blf
2008-04-15 15:43 . 2008-04-22 10:58 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3936ef5d-0af4-11dd-83cc-001bfc41104b}.TM.blf
2008-04-15 15:43 . 2008-04-22 10:58 65,536 --ahs---- C:\Users\Debbie\ntuser.dat{3936ef5f-0af4-11dd-83cc-001bfc41104b}.TM.blf
2008-04-14 16:53 . 2008-04-14 16:53 294 ---hs---- C:\Windows\System32\pldfpifs.ini
2008-04-14 01:17 . 2008-01-19 02:43 3,600,440 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-04-14 01:17 . 2008-01-19 02:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-04-14 01:17 . 2008-01-19 02:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-04-14 01:15 . 2008-01-19 02:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-14 01:14 . 2008-01-19 02:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-04-14 01:13 . 2008-01-19 01:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-14 01:12 . 2008-01-19 02:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-04-14 01:12 . 2008-01-19 02:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-14 01:12 . 2008-01-05 06:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-04-14 01:12 . 2008-01-05 06:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-04-14 01:12 . 2008-01-05 06:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-04-14 01:12 . 2008-01-05 06:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-04-14 01:11 . 2008-01-19 02:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-14 01:11 . 2008-01-19 02:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-14 01:11 . 2008-01-19 02:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-14 01:11 . 2008-01-19 02:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-14 01:10 . 2008-01-19 02:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-14 01:10 . 2008-01-19 02:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-14 01:10 . 2008-01-19 02:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-14 01:10 . 2008-01-19 02:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-14 01:03 . 2008-04-20 18:43 635 --a------ C:\Windows\wininit.ini
2008-04-14 00:41 . 2008-04-14 00:41 131,784 --ah----- C:\Windows\System32\mlfcache.dat
2008-04-13 14:22 . 2008-04-13 14:24 524,288 --ahs---- C:\Users\Debbie\ntuser.dat{282f4748-098b-11dd-b2e2-001bfc41104b}.TMContainer00000000000000000002.regtrans-ms
2008-04-13 14:22 . 2008-04-13 14:24 524,288 --ahs---- C:\Users\Debbie\ntuser.dat{282f4748-098b-11dd-b2e2-001bfc41104b}.TMContainer00000000000000000001.regtrans-ms
2008-04-13 14:22 . 2008-04-13 14:24 65,536 --ahs---- C:\Users\Debbie\ntuser.dat{282f4748-098b-11dd-b2e2-001bfc41104b}.TM.blf
2008-04-13 14:21 . 2008-04-13 14:25 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{282f4744-098b-11dd-b2e2-001bfc41104b}.TMContainer00000000000000000002.regtrans-ms
2008-04-13 14:21 . 2008-04-13 14:25 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{282f4744-098b-11dd-b2e2-001bfc41104b}.TMContainer00000000000000000001.regtrans-ms
2008-04-13 14:21 . 2008-04-13 14:25 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{282f4746-098b-11dd-b2e2-001bfc41104b}.TMContainer00000000000000000002.regtrans-ms
2008-04-13 14:21 . 2008-04-13 14:25 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{282f4746-098b-11dd-b2e2-001bfc41104b}.TMContainer00000000000000000001.regtrans-ms
2008-04-13 14:21 . 2008-04-13 14:25 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{282f4744-098b-11dd-b2e2-001bfc41104b}.TM.blf
2008-04-13 14:21 . 2008-04-13 14:25 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{282f4746-098b-11dd-b2e2-001bfc41104b}.TM.blf
2008-04-13 14:20 . 2008-04-13 14:20 262,144 --ah----- C:\Users\Debbie\ntuser.dat_TU_98237.LOG1
2008-04-13 14:20 . 2008-04-13 14:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT_TU_44742.LOG2
2008-04-13 14:20 . 2008-04-13 14:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT_TU_44742.LOG1
2008-04-13 14:20 . 2008-04-13 14:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT_TU_58655.LOG2
2008-04-13 14:20 . 2008-04-13 14:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT_TU_58655.LOG1
2008-04-13 14:20 . 2008-04-13 14:20 0 --ah----- C:\Users\Debbie\ntuser.dat_TU_98237.LOG2
2008-04-13 02:25 . 2008-04-13 02:25 <DIR> d-------- C:\Users\Debbie\AppData\Roaming\Webroot
2008-04-13 02:25 . 2008-04-13 02:25 <DIR> d-------- C:\Users\All Users\Webroot
2008-04-13 02:25 . 2008-04-13 02:25 <DIR> d-------- C:\ProgramData\Webroot
2008-04-13 02:25 . 2008-01-04 20:56 1,526,640 --a------ C:\Windows\WRSetup.dll
2008-04-13 02:24 . 2008-04-13 02:24 164 --a------ C:\install.dat
2008-04-12 12:48 . 2008-04-12 12:48 0 --ah----- C:\Users\Public\ntuser.dat.LOG2
2008-04-12 12:25 . 2008-04-12 12:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 22:11 . 2008-04-18 20:36 <DIR> d-------- C:\Users\All Users\clmjepqr
2008-04-11 22:11 . 2008-04-18 20:36 <DIR> d-------- C:\ProgramData\clmjepqr
2008-04-08 19:58 . 2008-04-08 19:58 <DIR> d-------- C:\Program Files\CONEXANT
2008-04-08 19:48 . 2008-02-29 02:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-08 19:48 . 2008-02-29 02:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-08 19:48 . 2008-02-22 00:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-08 19:48 . 2008-02-29 01:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-08 19:48 . 2008-02-28 23:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 19:48 . 2008-02-29 01:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-08 19:48 . 2008-02-29 01:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 19:48 . 2008-02-29 02:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 19:48 . 2008-02-28 23:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 19:48 . 2008-02-29 01:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 19:47 . 2008-02-21 21:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-08 19:47 . 2008-02-22 00:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-08 19:42 . 2008-02-28 23:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-08 19:42 . 2008-02-21 23:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-07 01:19 . 2008-04-07 01:19 <DIR> d-------- C:\Users\Debbie\AppData\Roaming\Jane s Hotel Family Hero
2008-04-07 00:21 . 2008-04-15 20:38 <DIR> d-------- C:\Program Files\Janes Hotel Family Hero
2008-04-06 17:46 . 2008-04-06 17:46 <DIR> d-------- C:\Program Files\iTunes
2008-04-06 17:42 . 2008-04-06 17:43 <DIR> d-------- C:\Program Files\QuickTime
2008-04-05 01:33 . 2008-04-05 01:33 <DIR> d-------- C:\Users\All Users\Meridian93
2008-04-05 01:33 . 2008-04-05 01:33 <DIR> d-------- C:\ProgramData\Meridian93
2008-03-31 16:25 . 2008-03-31 16:25 831,488 --a------ C:\Windows\System32\divx_xx0a.dll
2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\Windows\System32\divx_xx0c.dll
2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\Windows\System32\divx_xx07.dll
2008-03-31 16:25 . 2008-03-31 16:25 802,816 --a------ C:\Windows\System32\divx_xx11.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 06:47 --------- d-----w C:\Users\Debbie\AppData\Roaming\Azureus
2008-04-22 17:31 --------- d-----w C:\Users\Debbie\AppData\Roaming\SuperNZB
2008-04-20 22:05 29,952 ----a-w C:\Windows\Help\OEM\Scripts\HPScript.exe
2008-04-19 05:53 --------- d-----w C:\Program Files\Yahoo!
2008-04-19 05:52 262,144 ----a-w C:\ProgramData\ntuser.dat
2008-04-19 05:06 174 --sha-w C:\Program Files\desktop.ini
2008-04-19 04:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-19 04:58 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-19 04:58 --------- d-----w C:\Program Files\Windows Mail
2008-04-19 04:58 --------- d-----w C:\Program Files\Windows Journal
2008-04-19 04:58 --------- d-----w C:\Program Files\Windows Defender
2008-04-19 04:58 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-19 04:58 --------- d-----w C:\Program Files\Windows Calendar
2008-04-19 04:57 --------- d-----w C:\Program Files\Microsoft Games
2008-04-19 04:45 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-19 04:45 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-19 01:20 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-04-18 20:35 --------- d---a-w C:\ProgramData\TEMP
2008-04-18 07:25 --------- d-----w C:\ProgramData\eBay
2008-04-18 07:08 --------- d-----w C:\ProgramData\WholeSecurity
2008-04-18 02:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 16:32 --------- d-----w C:\Program Files\Java
2008-04-17 03:35 --------- d-----w C:\Program Files\Azureus
2008-04-16 16:43 --------- d-----w C:\Program Files\A1Click Ultra PC Cleaner
2008-04-15 20:49 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-15 14:46 --------- d-----w C:\Program Files\RegVac Registry Cleaner
2008-04-14 06:40 --------- d-----w C:\Program Files\Monarch The Butterfly King
2008-04-13 05:27 --------- d-----w C:\Users\Debbie\AppData\Roaming\Move Networks
2008-04-12 19:06 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-10 04:25 --------- d-----w C:\Program Files\DivX
2008-04-09 01:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 22:46 --------- d-----w C:\ProgramData\Apple Computer
2008-04-06 07:32 --------- d-----w C:\Program Files\Totem Quest
2008-03-30 05:04 --------- d-----w C:\Users\Debbie\AppData\Roaming\Wildfire
2008-03-30 04:59 --------- d-----w C:\Program Files\bfgclient
2008-03-27 22:34 --------- d-----w C:\ProgramData\Skype
2008-03-26 06:32 --------- d-----w C:\Users\Debbie\AppData\Roaming\funkitron
2008-03-25 22:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-03-25 21:26 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-03-25 02:01 --------- d-----w C:\Program Files\Magic Match Adventures
2008-03-24 21:20 --------- d-----w C:\Program Files\Hyperballoid 2
2008-03-24 01:58 --------- d-----w C:\Users\Debbie\AppData\Roaming\Apple Computer
2008-03-21 23:14 --------- d-----w C:\Program Files\Doggie Dash
2008-03-21 23:14 --------- d-----w C:\Program Files\Amazing Adventures The Lost Tomb
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-20 02:45 --------- d-----w C:\ProgramData\Alawar Stargaze
2008-03-17 02:16 --------- d-----w C:\Users\Debbie\AppData\Roaming\eGames
2008-03-16 06:43 --------- d-----w C:\ProgramData\Totem Quest
2008-03-16 02:59 --------- d-----w C:\Users\Debbie\AppData\Roaming\PlayFirst
2008-03-16 02:59 --------- d-----w C:\ProgramData\PlayFirst
2008-03-14 16:53 --------- d-----w C:\Program Files\Paradise Pet Salon
2008-03-14 04:59 --------- d-----w C:\ProgramData\PopCap
2008-03-11 02:51 --------- d-----w C:\Users\Debbie\AppData\Roaming\Uniblue
2008-03-11 02:51 --------- d-----w C:\ProgramData\Uniblue
2008-03-11 02:51 --------- d-----w C:\Program Files\Uniblue
2008-03-10 23:49 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-10 04:01 --------- d-----w C:\ProgramData\Friends Games
2008-03-07 02:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 01:41 --------- d-----w C:\Users\Debbie\AppData\Roaming\PeerNetworking
2008-03-06 21:01 --------- d-----w C:\Program Files\Roxio
2008-03-06 21:01 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-03-06 20:59 --------- d-----w C:\ProgramData\Roxio
2008-03-06 19:18 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-05 03:59 --------- d-----w C:\Program Files\Little Shop Of Treasures 2
2008-03-02 04:42 --------- d-----w C:\Program Files\Intel
2008-03-01 16:49 --------- d-----w C:\Users\Debbie\AppData\Roaming\GTek
2008-02-28 19:09 --------- d-----w C:\Users\Debbie\AppData\Roaming\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2008-02-28 19:09 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-02-25 12:48 --------- d-----w C:\ProgramData\Go Go Gourmet
2008-02-25 07:05 --------- d-----w C:\Users\Debbie\AppData\Roaming\muvee Technologies
2008-01-29 17:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2008-01-25 08:55 229,376 ----a-w C:\Windows\System32\UCI32M27.dll
2007-12-19 19:01 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-19 19:01 32 ----a-w C:\ProgramData\ezsid.dat
2007-07-31 09:40 460 ----a-w C:\Users\Debbie\AppData\Roaming\wklnhst.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\ProgramData\clmjepqr ----
---- Directory of C:\Users\All Users\clmjepqr ----
((((((((((((((((((((((((((((( snapshot@2008-04-22_20.03.29.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-23 02:10:13 884,736 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b3a5c81e91bf9b1e63697e53a41ac0ed\AspNetMMCExt.ni.dll
+ 2008-04-23 01:41:04 425,984 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\7b38b32ba60b3eb9195c4e1fcc2c3b9d\BDATunePIA.ni.dll
+ 2008-04-23 01:41:05 503,808 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a29c71731e54f91d32ccc55d5493126d\ComSvcConfig.ni.exe
+ 2008-04-23 02:10:13 237,568 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8b7076d09705567c6431176b693597ab\CustomMarshalers.ni.dll
+ 2008-04-23 02:10:13 15,360 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\314a2a2c7ac434889e2478150e910adf\dfsvc.ni.exe
+ 2008-04-23 01:22:39 57,856 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\28a4e1dce97ab68093cbafb87c5ceb7b\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2008-04-23 01:22:47 69,632 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\5c4fd80a6d6ab5f22a4f360b5eece5d6\DriversHQ.DriverDetective.Client.DirectX.ni.dll
+ 2008-04-23 01:21:39 2,236,416 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\72c586e404832faf2eeca2507e023e9e\DriversHQ.DriverDetective.Client.ni.exe
+ 2008-04-23 01:21:42 225,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\8d129b2ee4ce0e13dec8b361544616c2\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2008-04-23 01:22:36 184,320 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\bcb6d5957ade30ea65264714fbfdfcf6\DriversHQ.DriverDetective.Common.ni.dll
+ 2008-04-23 02:10:14 249,856 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehCIR\56309ef1e57faa5e1c01a04a7e3aefc2\ehCIR.ni.dll
+ 2008-04-23 01:41:46 2,428,928 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehepg\bad41b8bbfff0cc616655c9d970d6704\ehepg.ni.dll
+ 2008-04-23 01:41:54 360,448 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\507f31ea7666854edb2752be04453c54\ehepgdat.ni.dll
+ 2008-04-23 02:10:15 44,544 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\56309e07387763d840ce4b163fb725e7\ehExtCOM.ni.dll
+ 2008-04-23 01:41:55 270,336 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\836d66bf51fee3b566ac83a2546e25ea\ehExtHost.ni.exe
+ 2008-04-23 02:09:44 24,576 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\9690acf6b16810061de6ed44368980a9\ehiExtCOM.ni.dll
+ 2008-04-23 01:41:56 188,416 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\52610279dc1c7658eafbf00b8d197bf9\ehiExtens.ni.dll
+ 2008-04-23 01:41:57 610,304 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiPlay\6c123aa14560b7dff4968bcfbcc48ba6\ehiPlay.ni.dll
+ 2008-04-23 01:41:47 983,040 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\5f8aee18344b9910bbec6af974c074d5\ehiProxy.ni.dll
+ 2008-04-23 01:41:57 77,824 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\0b31398ed7a071f087b271393a522038\ehiReplay.ni.dll
+ 2008-04-23 01:41:53 58,368 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ca15bb63e13565d7b8b168403a0dbf37\ehiUserXp.ni.dll
+ 2008-04-23 01:41:58 839,680 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\f14b581820693d30efb00f6c2753ff1a\ehiVidCtl.ni.dll
+ 2008-04-23 01:41:59 376,832 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\54da10294f5f71396a622da622c8c820\ehiwmp.ni.dll
+ 2008-04-23 02:09:25 122,880 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\9a8dbbf00820151502bf5886759bd9ff\ehiWUapi.ni.dll
+ 2008-04-23 02:09:25 1,949,696 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\514c1647d604af1744b72a5dba164a27\ehRecObj.ni.dll
+ 2008-04-23 02:09:44 12,734,464 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehshell\3c51adbea5adf146e27a6fd569ac2daa\ehshell.ni.dll
+ 2008-04-23 02:09:46 577,536 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\368debb045e28955b65910779050eccc\EventViewer.ni.dll
+ 2008-04-23 02:09:44 86,016 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\loadmxf\91672362ea8e76d7800c6d3176364d0b\loadmxf.ni.exe
+ 2008-04-23 02:09:27 737,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\a6975ff8507a40231d4f508baa9416dd\mcstore.ni.dll
+ 2008-04-23 02:09:28 315,392 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\6aa5747fb711f9d478b1b943fddf2b61\mcstoredb.ni.dll
+ 2008-04-23 02:09:54 274,432 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcupdate\1657cfe3c699dd1d02e582c9b90b48d2\mcupdate.ni.exe
+ 2008-04-23 02:09:44 258,048 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\81d064c3c21181a4a5ec456becbbef4c\Mcx2Dvcs.ni.dll
+ 2008-04-23 01:22:39 249,856 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\2bbb45681c2d113c28be2a5cba07aa78\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2008-04-23 02:10:17 876,544 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e24c7a7e58f9b3432df623710b9c5e01\Microsoft.Build.Engine.ni.dll
+ 2008-04-23 02:10:18 81,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\6dc26698fcb3f0f93759f3c38a6207d5\Microsoft.Build.Framework.ni.dll
+ 2008-04-23 02:10:20 1,695,744 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\87407c2d9c2530f716841b6d6ebdf563\Microsoft.Build.Tasks.ni.dll
+ 2008-04-23 02:10:20 167,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\bdd6a68dce3ff4146b24afdf9759402b\Microsoft.Build.Utilities.ni.dll
+ 2008-04-23 02:10:21 122,880 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Vis#\73bd3c70d2012073fdd0b925507dd5ec\Microsoft.Build.VisualJSharp.ni.dll
+ 2008-04-23 02:09:55 1,441,792 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\d521fc6793855857df18b7cb9ab0acaa\Microsoft.Ink.ni.dll
+ 2008-04-23 01:22:44 2,441,216 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\2f558d3a6d024dfcdd1d62233a067b40\Microsoft.JScript.ni.dll
+ 2008-04-23 02:09:46 614,400 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\b059345a9c2a126e320e17c2090dd354\Microsoft.ManagementConsole.ni.dll
+ 2008-04-23 02:09:29 704,512 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\231d1d92a6a142e4db3fced6a1669923\Microsoft.MediaCenter.Sports.ni.dll
+ 2008-04-23 01:41:56 618,496 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\72a7d6eae1036807d71d356e5acd731f\Microsoft.MediaCenter.ni.dll
+ 2008-04-23 02:09:26 253,952 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\a4b1834c6e8c256f678d08962feca808\Microsoft.MediaCenter.Shell.ni.dll
+ 2008-04-23 01:41:53 5,861,376 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\fdbbe9219a0795323d39333cd8d95e9d\Microsoft.MediaCenter.UI.ni.dll
+ 2008-04-23 01:22:40 368,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\7686e2b5c3340d33f8f9cd9454144d4e\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2008-04-23 01:22:45 356,352 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\a87ef3a63331f68519a51332cc6b9318\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2008-04-23 01:22:46 167,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\c6e330d8e9ad25de89f60cb6448c596d\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2008-04-23 01:41:43 1,232,896 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\198b25c569e8a6fbb78092fe9c697600\Microsoft.Transactions.Bridge.ni.dll
+ 2008-04-23 02:09:59 401,408 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b0da39820e35eb3821e69ac8ace491a1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-04-23 02:10:23 1,740,800 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a96c6b0c75f8ea3eb133018ba3b49f3f\Microsoft.VisualBasic.ni.dll
+ 2008-04-23 01:22:45 77,824 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\81c771cf263c377d46aaf249c7ab903a\Microsoft.Vsa.ni.dll
+ 2008-04-23 02:09:52 6,443,008 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\66ad568e1ea098a2099364bf66bdaed8\MIGUIControls.ni.dll
+ 2008-04-23 02:10:01 1,691,648 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\f5934f1b89f7c8fb3f0bab1c21045f1c\MMCEx.ni.dll
+ 2008-04-23 02:09:47 319,488 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\a3d6cbb5a1efbd314e7080bbbd78d1cd\MMCFxCommon.ni.dll
+ 2008-04-23 02:10:02 102,400 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napcrypt\29d0ab81098806db3b769de45054ea13\napcrypt.ni.dll
+ 2008-04-23 02:10:02 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\naphlpr\65fba2f3c000945397537d9646148f6c\naphlpr.ni.dll
+ 2008-04-23 02:10:03 126,976 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napinit\ad70802a13332254382fd4bddbfbc8b3\napinit.ni.dll
+ 2008-04-23 02:10:04 737,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napsnap\ae9a564a6dd8814ba0ec381fd07be4bb\napsnap.ni.dll
+ 2008-04-23 02:10:26 2,641,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\1b896bbb7ed678902995f5a2479962e8\Narrator.ni.exe
+ 2008-04-23 02:10:28 1,581,056 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7c78c24952fad7252c7ff7f739fd6198\PresentationBuildTasks.ni.dll
+ 2008-04-23 02:10:33 2,035,712 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fa8522105eb716eed71e99bb9bfe06ee\PresentationUI.ni.dll
+ 2008-04-23 02:10:39 2,416,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\99836ab309902e40176dc5ca0854f7b2\ReachFramework.ni.dll
+ 2008-04-23 02:10:04 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\b682f5929b1f3f2a0b585cbc999df489\ServiceModelReg.ni.exe
+ 2008-04-23 01:41:34 303,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ee487a5b3e62f510183f68538f583135\SMDiagnostics.ni.dll
+ 2008-04-23 02:10:05 323,584 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\470e3064a09dc8107667143d09811786\SMSvcHost.ni.exe
+ 2008-04-23 01:41:47 44,544 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\07c3757edda55c714c4e69a94be4e35e\stdole.ni.dll
+ 2008-04-23 02:10:45 262,144 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\sysglobl\811305f0e9b3729e5a6a991b6645de92\sysglobl.ni.dll
+ 2008-04-23 01:22:35 1,183,744 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f293fee60fc17173a220dec17a8f2a4a\System.Data.OracleClient.ni.dll
+ 2008-04-23 01:22:33 512,000 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4c99dec707cab9de8b03b8821a0716ac\System.DirectoryServices.Protocols.ni.dll
+ 2008-04-23 01:22:31 1,224,704 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b6dfa3ee72dae0f0aa3d072d3b5af2a6\System.DirectoryServices.ni.dll
+ 2008-04-23 01:22:29 659,456 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\954db9046cf0977e8baeda9160910bc0\System.EnterpriseServices.ni.dll
+ 2008-04-23 01:22:29 294,912 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\954db9046cf0977e8baeda9160910bc0\System.EnterpriseServices.Wrapper.dll
+ 2008-04-23 01:41:41 241,664 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5ff73b37102042c3e28f22106dde8ad4\System.IdentityModel.Selectors.ni.dll
+ 2008-04-23 01:41:40 1,118,208 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\44573dbcf8c8046c8d4b9ba8109d90e7\System.IdentityModel.ni.dll
+ 2008-04-23 02:10:07 417,792 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\28b40aac039323938aa010da90240207\System.IO.Log.ni.dll
+ 2008-04-23 01:22:41 1,064,960 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3faf6c0dd4b29ada10b11269abb62653\System.Management.ni.dll
+ 2008-04-23 01:41:41 655,360 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\1bb37d7286f4cd22de1b1e7f6d2950b2\System.Messaging.ni.dll
+ 2008-04-23 02:10:35 1,134,592 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d82ee3d7910c5dab8c97c4e7973d7bbc\System.Printing.ni.dll
+ 2008-04-23 01:22:32 815,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fe7232e97fdf63c6b146e93f432d7d7\System.Runtime.Remoting.ni.dll
+ 2008-04-23 01:41:38 2,445,312 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\529360b58964fe947006d8669aea62f3\System.Runtime.Serialization.ni.dll
+ 2008-04-23 01:41:34 18,071,552 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\cfcba8cb539cb3dc5e92c544bd6d9dc5\System.ServiceModel.ni.dll
+ 2008-04-23 02:10:44 2,039,808 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\b75eb02af4a4a29474726c41641ac18e\System.Speech.ni.dll
+ 2008-04-23 01:22:28 679,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\62dc499efc246da6806ba0b74ac447f1\System.Transactions.ni.dll
+ 2008-04-23 02:10:48 2,342,912 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\7185958cf25ae6673e828dd1e7ac65ed\System.Web.Mobile.ni.dll
+ 2008-04-23 01:22:35 237,568 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\320ae07cc8c7b946d2944c63a72871fc\System.Web.RegularExpressions.ni.dll
+ 2008-04-23 01:21:58 1,986,560 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\af61137b092f7167a1bb6d5f8ee294d8\System.Web.Services.ni.dll
+ 2008-04-23 01:22:27 12,513,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\369cdfcbaefd8f28200e295c26c2141f\System.Web.ni.dll
+ 2008-04-23 02:10:08 258,048 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\0a7389d61536c156ce0485a0a14d1c3f\TaskScheduler.ni.dll
+ 2008-04-23 02:10:49 483,328 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\247502ab3842b4a61f36dc4e0279f354\UIAutomationClient.ni.dll
+ 2008-04-23 02:10:50 1,118,208 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94bf31eac9cf2d253b451e225669e91c\UIAutomationClientsideProviders.ni.dll
+ 2008-04-23 02:10:51 33,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\vjscor\b8923096f502e39073a98a1afccd9069\vjscor.ni.dll
+ 2008-04-23 02:10:51 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\VJSharpCodeProvider\578000ddd285bd5ae73d7c02f0c05830\VJSharpCodeProvider.ni.dll
+ 2008-04-23 02:10:52 34,816 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\vjsjbc\a107d57615e7cabca592373701818bac\vjsjbc.ni.dll
+ 2008-04-23 02:11:00 8,429,568 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\vjslib\792066df622ee842a1903b7acfe1d5d3\vjslib.ni.dll
+ 2008-04-23 02:11:00 48,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\vjslibcw\486e3ef4c34a82f7e940031d0225d555\vjslibcw.ni.dll
+ 2008-04-23 02:11:03 2,674,688 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\VJSSupUILib\c419c15fd7078f7a706f3555fd18712d\VJSSupUILib.ni.dll
+ 2008-04-23 02:11:04 50,176 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\vjsvwaux\93816b6464f67dfbe18de436592ba3d7\vjsvwaux.ni.dll
+ 2008-04-23 02:11:10 7,368,704 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\vjswfc\ffcfa8d212c7f802986ffe7bdbcae4ce\vjswfc.ni.dll
+ 2008-04-23 02:11:11 25,600 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\VjsWfcBrowserStubLib\44c89410db2b12fe1751bf02e3f13d80\VjsWfcBrowserStubLib.ni.dll
+ 2008-04-23 02:11:11 450,560 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\vjswfccw\07eb12fc47b0624ab5973aa781371609\vjswfccw.ni.dll
+ 2008-04-23 02:11:15 3,633,152 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\vjswfchtml\a76eb92b7e7c2766687f53b9b2dc0117\vjswfchtml.ni.dll
+ 2008-04-23 02:11:16 270,336 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\32372878e4291ce171ce9eb482d9188a\WindowsFormsIntegration.ni.dll
+ 2008-04-23 02:10:09 380,928 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\0ecb8c2a9fa7b6c5e7c9d77b44ff6eb1\WsatConfig.ni.exe
+ 2008-04-23 01:22:46 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\3393663113829afc15a43db90e749c5b\XPBurnComponent.ni.dll
+ 2008-04-23 00:59:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-23 00:59:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-23 00:15:17 8,192 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-23 08:14:21 8,192 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-23 00:59:44 1,413,120 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-23 06:08:53 1,413,120 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-23 00:52:41 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-23 09:03:29 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-22 01:11:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-23 01:11:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-22 01:11:08 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-23 01:11:06 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-22 01:11:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-23 01:11:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-22 16:05:51 104,834 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-23 01:05:43 104,834 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-22 16:05:51 603,774 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-23 01:05:43 603,774 ----a-w C:\Windows\System32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 02:38 1008184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 05:52 4702208 C:\Windows\RtHDVCpl.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-25 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-25 17:07 166424]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 14:29:20 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus CX5000 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\Windows\TEMP\E_SDE0C.tmp" /EF "HKCU"
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"RtHDVCpl"=RtHDVCpl.exe
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E67395F-07C7-4CDE-8115-DAC7C4841802}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{326C9048-9A50-44C4-BE67-65DD35370DCA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C98C99D8-CA9D-47B1-9D07-C3D49F2E825B}"= Disabled:UDP:55064:uTorrent
"{2B17713B-236A-4B12-ADEE-71E917B41C9C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{71784547-F868-45E2-9559-8C65073FA969}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{7DD20983-1F40-4B5C-9B41-65E81D0D4A12}C:\\program files\\voip\\communicator\\communicator.exe"= UDP:C:\program files\voip\communicator\communicator.exe:Communicator
"UDP Query User{83768043-6243-4363-BAFA-752FEF519794}C:\\program files\\voip\\communicator\\communicator.exe"= TCP:C:\program files\voip\communicator\communicator.exe:Communicator
"TCP Query User{F77C74A4-B86B-4252-BE27-B9CDD3D7D603}C:\\program files\\voip\\communicator\\communicator.exe"= UDP:C:\program files\voip\communicator\communicator.exe:Communicator
"UDP Query User{B1CF3577-A416-4D6D-8386-61E257FF4C12}C:\\program files\\voip\\communicator\\communicator.exe"= TCP:C:\program files\voip\communicator\communicator.exe:Communicator
"TCP Query User{AC312972-0FF2-48B4-A68C-F39DE1EA9B02}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{45C1BFD6-F03E-48AA-8923-38E04402BE61}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{23EB9A7A-6697-4106-AE8A-408226FB0AC8}C:\\program files\\digital support\\digitalsupportlocalservice.exe"= UDP:C:\program files\digital support\digitalsupportlocalservice.exe:DigitalSupportLocalService
"UDP Query User{415D68B6-B0E7-45D7-AA9E-28D6FC585075}C:\\program files\\digital support\\digitalsupportlocalservice.exe"= TCP:C:\program files\digital support\digitalsupportlocalservice.exe:DigitalSupportLocalService
"TCP Query User{F1961A49-759E-40B1-9089-B8B47C28A9C7}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{AC0BFCC7-06F5-4E94-8AE1-92748EE7E1A3}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{54DC6EF3-3D64-4277-9E65-DA0127344740}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{05F991AC-0353-4A90-8BAE-81512E6511DC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{65D4A52C-A24D-4724-BD33-4D1D004A5337}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{9CFE3522-E03E-4732-917C-6637F40F1D57}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{C7C1946C-9EED-41EE-A4E3-4EA352858384}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{39615D27-A63E-44E2-9AAA-E6208EC7FF75}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{913104A5-4581-489E-A7E9-5924C0D15A66}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F5C6416A-BE7C-4904-B24F-CE6092F0C5C0}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 09:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 02:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 07:36]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 16:44]
R3 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\DRIVERS\usbprint.sys [2008-01-19 01:14]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b36479c0-e37a-11dc-af39-001bfc41104b}]
\shell\AutoRun\command - K:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 22:18:11 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-09 01:15:07 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-27 15:33:03 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-11 03:07:44 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-04-23 09:05:00 C:\Windows\Tasks\User_Feed_Synchronization-{1CED6FB3-5EAB-4140-9EC0-A65B8B425654}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 04:07:20
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
folder error: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-23 4:09:11
ComboFix-quarantined-files.txt 2008-04-23 09:08:41
ComboFix2.txt 2008-04-23 01:04:10
Pre-Run: 309,234,491,392 bytes free
Post-Run: 309,202,546,688 bytes free
478 --- E O F --- 2008-04-23 01:21:50