Active Start up Errors, Can not run any malware or antivirus programs.

Discussion in 'Malware and Virus Removal Archive' started by kiranp, 2009/11/13.

  1. 2009/11/13
    kiranp

    kiranp Inactive Thread Starter


    Hey guys,

    After noticing new processes such as b.exe and deleting them, I cannot run any programs that will scan my drives. My antivirus will not start, neither will any online scans; Spybot will not install and Malwarebytes terminates just before it tries to scan.

    I've tried to run DDS a few times; it either does nothing for 10 minutes, or just comes up with an application error.

    Any Suggestions?
     
  2. 2009/11/13
    kiranp

    kiranp Inactive Thread Starter

    I also tried HijackThis but that terminated too.

    I ran ComboFix; although it did mention my AV was active, it wasn't functioning or was not showing any processes to my knowledge.

    ComboFix 09-11-13.04 - Sony Laptop 13/11/2009 14:18.6.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1558 [GMT 0:00]
    Running from: c:\documents and settings\Sony Laptop\Desktop\ComboFix.exe
    AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\kb913800.exe
    c:\windows\run.log
    c:\windows\system32\a.exe
    c:\windows\system32\lowsec
    c:\windows\system32\lowsec\local.ds
    c:\windows\system32\lowsec\user.ds
    c:\windows\system32\net.net
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\qtplugin.exe
    c:\windows\system32\sdra64.exe
    c:\windows\wiaserviv.log

    Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


    ((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
    .

    2009-11-06 18:35 . 2009-11-06 18:36 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\Notepad++
    2009-11-06 18:35 . 2009-11-06 18:35 -------- d-----w- c:\program files\Notepad++
    2009-11-06 18:16 . 2009-11-06 18:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-11-06 18:01 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-06 18:00 . 2009-11-06 18:00 -------- d-----w- c:\program files\Windows Defender
    2009-11-06 03:20 . 2009-11-06 03:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-11-05 21:54 . 2009-11-05 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2009-11-05 21:14 . 2009-11-05 21:23 -------- d-----w- c:\windows\BDOSCAN8
    2009-11-05 20:10 . 2009-11-05 20:10 -------- d-sh--w- c:\documents and settings\Sony Laptop\PrivacIE
    2009-11-05 18:39 . 2009-11-05 18:39 -------- d-sh--w- c:\documents and settings\Sony Laptop\IETldCache
    2009-11-02 23:59 . 2009-11-05 16:11 -------- dc-h--w- c:\windows\ie8
    2009-11-02 23:43 . 2009-11-02 23:44 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-11-01 22:32 . 2009-11-13 12:07 0 ----a-r- c:\windows\win32k.sys
    2009-10-28 18:55 . 2009-10-28 18:55 -------- d-----w- c:\documents and settings\Sony Laptop\Local Settings\Application Data\SupportSoft
    2009-10-28 18:55 . 2009-10-28 18:55 -------- d-----w- c:\program files\Common Files\SupportSoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-13 12:03 . 2009-01-02 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-06 17:48 . 2007-09-27 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-06 17:45 . 2007-09-27 18:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-05 19:42 . 2007-07-23 00:08 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\uTorrent
    2009-10-28 16:37 . 2007-07-18 16:14 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\SoundSpectrum
    2009-10-28 15:43 . 2007-07-18 16:13 -------- d-----w- c:\program files\SoundSpectrum
    2009-10-11 14:52 . 2009-09-27 16:36 -------- d-----w- c:\program files\ffdshow
    2009-09-27 17:14 . 2009-09-27 17:14 -------- d-----w- c:\program files\ApecSoft
    2009-09-27 17:14 . 2009-09-27 16:59 80896 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\LZMA.dll
    2009-09-27 17:14 . 2009-09-27 16:59 5632 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\Swap.dll
    2009-09-27 17:14 . 2009-09-27 16:59 5120 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\Copy.dll
    2009-09-27 17:14 . 2009-09-27 16:59 18944 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\Branch.dll
    2009-09-27 17:14 . 2009-09-27 16:59 129024 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Formats\7z.dll
    2009-09-27 16:59 . 2009-09-27 16:59 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip
    2009-09-27 16:58 . 2009-09-27 16:58 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\avidemux
    2009-09-27 16:53 . 2009-09-27 16:51 -------- d-----w- c:\program files\Ultra Video Joiner
    2009-09-10 14:54 . 2009-01-02 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 14:53 . 2009-01-02 17:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2008-11-05 10:51 . 2009-07-18 12:28 203965 ----a-w- c:\program files\always-on-top.exe
    2008-04-14 00:12 . 2008-12-10 19:26 60416 --sha-w- c:\windows\BricoPacks\SysFiles\80_msimn.exe
    2008-02-17 13:04 . 2007-12-05 00:44 104 --sh--r- c:\windows\system32\7FF77BB135.sys
    2008-02-17 13:04 . 2007-12-05 00:40 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-02-19 00:00 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
    "SonyPowerCfg "= "c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-11-28 217088]
    "nod32kui "= "c:\program files\Eset\nod32kui.exe" [2007-07-18 950664]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2005-11-29 86016]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWinKeys "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-09-23 14:24 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^Sony Laptop^Start Menu^Programs^Startup^.lnk]
    path=c:\documents and settings\Sony Laptop\Start Menu\Programs\Startup\.lnk
    backup=c:\windows\pss\.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\eMule\\emule.exe "=
    "c:\\Program Files\\Winamp\\winamp.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe "=
    "c:\\WINDOWS\\ehome\\ehshell.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe "=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\NetMeeting\\conf.exe "=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe "=
    "c:\\Program Files\\Soulseek\\slsk.exe "=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe "=
    "c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
    "c:\\Program Files\\Apoint\\ApntEx.exe "=
    "c:\\Program Files\\Qtracker\\qtracker.exe "=
    "%windir%\\system32\\drivers\\svchost.exe "=
    "c:\\Program Files\\SopCast\\SopCast.exe "=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Spotify\\spotify.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "28900:TCP "= 28900:TCP:ut
    "27900:UDP "= 27900:UDP:ut sw
    "56566:TCP "= 56566:TCP:emule2
    "9998:UDP "= 9998:UDP:emule udp
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009
    "1723:TCP "= 1723:TCP:mad:xpsp2res.dll,-22015
    "1701:UDP "= 1701:UDP:mad:xpsp2res.dll,-22016
    "500:UDP "= 500:UDP:mad:xpsp2res.dll,-22017
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "5656:UDP "= 5656:UDP:gremote
    "5656:TCP "= 5656:TCP:5656

    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [18/07/2007 16:53 15424]
    R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23/01/2004 15:33 13952]
    R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23/01/2004 15:32 28800]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/12/2005 06:13 28800]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [12/12/2005 06:13 808448]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\SONYLA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\SONYLA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21/12/2007 16:57 13352]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
    S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\rt2500usb.sys [29/08/2007 21:03 241536]
    S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-13 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-09-27 13:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
    uInternet Settings,ProxyServer = http=217.65.158.65:8080
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    LSP: c:\windows\system32\imon.dll
    DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0}
    FF - ProfilePath - c:\documents and settings\Sony Laptop\Application Data\Mozilla\Firefox\Profiles\axj4qchx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL -
    FF - plugin: c:\documents and settings\Sony Laptop\Application Data\Mozilla\Firefox\Profiles\axj4qchx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-RegistryMonitor1 - c:\windows\system32\qtplugin.exe
    AddRemove-Parallel Port Joystick - c:\windows\unvise32.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-13 14:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A792C00]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\atapi -> 0x8a792c00
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK
    Use "Recovery Console" command "fixmbr" to clear infection !

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD\000.fcl "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1428)
    c:\windows\system32\VESWinlogon.dll

    - - - - - - - > 'lsass.exe'(1484)
    c:\windows\system32\imon.dll

    - - - - - - - > 'explorer.exe'(2484)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\system32\shimgvw.dll
    c:\program files\Eset\nodshex.dll
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    c:\program files\WinRAR\rarext.dll
    c:\windows\system32\TosBtShell.dll
    c:\windows\system32\mp3tsshx.dll
    c:\windows\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Apoint\Apntex.exe
    c:\program files\Microsoft Office\Office12\WINWORD.EXE
    c:\program files\Mozilla Firefox\firefox.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-13 14:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-13 14:37

    Pre-Run: 25,000,329,216 bytes free
    Post-Run: 25,116,925,952 bytes free

    - - End Of File - - 99B11A56D0AAAD7B7EB0D51CDDD2EEE9
     

  4. 2009/11/13
    tashman847

    tashman847 Inactive

    Have you tried downloading a copy of Combofix on another machine, then renaming it to something random to prevent the malware from stopping it opening and then running it on the infected machine?

    Tom

    Update - Sorry I did not read well enough **** pain killers!
     
  5. 2009/11/13
    kiranp

    kiranp Inactive Thread Starter

    No worries, after ComboFix I managed to run Malwarebytes. Is there anything else I should do?

    Here's the log

    Malwarebytes' Anti-Malware 1.41
    Database version: 3160
    Windows 5.1.2600 Service Pack 3

    13/11/2009 15:50:03
    mbam-log-2009-11-13 (15-50-03).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 237738
    Time elapsed: 1 hour(s), 3 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Sony Laptop\Application Data\Adobe\kernell32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\net.net.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2FA77918-3C89-4E11-B388-FE912978DDD5}\RP2\A0000071.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2FA77918-3C89-4E11-B388-FE912978DDD5}\RP2\A0000030.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pqrs.tmo (Backdoor.Bredavi) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sony Laptop\Application Data\Google\ptnmsn64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
     
  6. 2009/11/13
    tashman847

    tashman847 Inactive

    I'm not an expert with malware removal.

    Broni will come and assist you soon, I am sure!

    As he is the Malware expert!!

    Tom
     
  7. 2009/11/13
    broni

    broni Moderator Malware Analyst

    If you have Windows CD...(if you don't have Windows CD, scroll down)

    1. Insert your Windows XP CD into your CD drive and ensure that your CD-ROM drive is capable of booting the CD.
    2. Once you have booted from CD, do NOT select the option that states: Press F2 to initiate the Automated System Recovery (ASR) tool.
    You're going to proceed until you see the following screen, at which point you will press the "R" key to enter the recovery console:

    [​IMG]

    3. After you have selected the appropriate option from step two, you will be prompted to select a valid Windows installation (typically number 1).
    Select the installation number, and hit Enter.
    If there is an administrator password for the administrator account, enter it and hit Enter (if asked for the password, and you don't know it, you're out of luck).
    You will be greeted with this screen, which indicates a recovery console at the ready:

    [​IMG]

    4. Now at the prompt, type in fixmbr. Your damaged MBR will now be replaced with a new master boot record.

    5. Restart computer.


    If you don't have Windows CD...
    Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
    Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
    Using Imgburn, burn rc.iso to a CD.
    Boot to the CD...let it finish loading.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
    Then, follow instructions from Step #3 above.

    When done.....

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\win32k.sys
    c:\windows\system32\7FF77BB135.sys
    
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
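
As an added example (not part of any post in this thread, and not ComboFix or Gmer code), the Python below checks a follow-up ComboFix log against the CFScript's File:: targets and flags MBR-detector hooks whose target is an address the detector itself printed as UNKNOWN. The inputs are excerpts from this thread's CFScript and logs; all function names are hypothetical.

```python
import re

# Constructed sample inputs: excerpts of the CFScript and of the two ComboFix
# logs posted in this thread (the parenthesis banner is shortened).
CFSCRIPT = r"""File::
c:\windows\win32k.sys
c:\windows\system32\7FF77BB135.sys

Folder::

Driver::

Registry::
"""

FOLLOWUP_LOG = r"""FILE ::
"c:\windows\system32\7FF77BB135.sys "
"c:\windows\win32k.sys "
.

((((((((((((( Other Deletions )))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\7FF77BB135.sys

----- BITS: Possible infected sites -----
"""

MBR_BLOCK = r"""called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A792C00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a792c00
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""


def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript ('File::', 'Folder::', ...)."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def log_section(log, title):
    """Return the non-empty lines listed under a '((( title )))' banner."""
    banner = re.compile(r"\(+ *" + re.escape(title) + r" *\)+")
    lines, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        if banner.fullmatch(line):
            inside = True
        elif inside and (line.startswith("(((") or line.startswith("---")):
            break  # next banner or sub-report ends the section
        elif inside and line not in ("", "."):
            lines.append(line)
    return lines


def deletion_status(cfscript, log):
    """Map each File:: target to True if 'Other Deletions' lists it."""
    deleted = {p.lower() for p in log_section(log, "Other Deletions")}
    targets = parse_cfscript(cfscript).get("File", [])
    return {p: p.lower() in deleted for p in targets}


def mbr_hooks(block):
    """Return (hooks, unknown, flagged) from the MBR detector output.

    hooks   -- [(driver object, hook address)]
    unknown -- addresses printed as >>UNKNOWN [..]<< in the call chain
    flagged -- drivers whose hook address is one of those unknown addresses
    """
    unknown = {int(a, 16)
               for a in re.findall(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<", block)}
    hooks = [(drv, int(addr, 16)) for drv, addr in
             re.findall(r"^(\\Driver\\\S+) -> (0x[0-9A-Fa-f]+)", block, re.M)]
    flagged = [drv for drv, addr in hooks if addr in unknown]
    return hooks, unknown, flagged


if __name__ == "__main__":
    for path, gone in deletion_status(CFSCRIPT, FOLLOWUP_LOG).items():
        print(("deleted by this run   " if gone else "not in Other Deletions"), path)
    hooks, unknown, flagged = mbr_hooks(MBR_BLOCK)
    for drv, addr in hooks:
        note = "-> UNKNOWN module" if drv in flagged else ""
        print(f"hook {drv} at {addr:#010x} {note}")
```

A target missing from "Other Deletions" was not removed by that ComboFix run; here c:\windows\win32k.sys is absent because the Malwarebytes log earlier in the thread already reports it quarantined and deleted.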
     
  8. 2009/11/15
    kiranp

    kiranp Inactive Thread Starter

    ComboFix 09-11-16.03 - Sony Laptop 15/11/2009 22:39.7.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1377 [GMT 0:00]
    Running from: c:\documents and settings\Sony Laptop\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Sony Laptop\Desktop\CFScript.txt
    AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    * Resident AV is active


    FILE ::
    "c:\windows\system32\7FF77BB135.sys "
    "c:\windows\win32k.sys "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\7FF77BB135.sys

    ----- BITS: Possible infected sites -----

    hxxp://au.download.windowsupdate.comj+|Cv+@J:NGD_DQ{zcxLJS@;>rB=#sWU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXuj.Cfj.Cfj.Cfj.Cf[cxLJS@GD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cvwsupdate.com
    .
    ((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
    .

    2009-11-15 22:34 . 2009-11-15 22:34 -------- d-----w- c:\windows\LastGood
    2009-11-15 22:33 . 2009-11-15 22:35 -------- d-----w- C:\6a4f39fbad56763de7eced
    2009-11-15 22:29 . 2009-11-15 22:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-11-13 19:42 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2009-11-13 19:42 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2009-11-13 19:42 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2009-11-13 19:42 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2009-11-13 19:42 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2009-11-13 19:42 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2009-11-13 19:42 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2009-11-13 19:42 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-11-13 19:42 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2009-11-13 19:40 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-11-13 19:38 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-11-13 19:38 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2009-11-06 18:35 . 2009-11-06 18:36 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\Notepad++
    2009-11-06 18:35 . 2009-11-06 18:35 -------- d-----w- c:\program files\Notepad++
    2009-11-06 18:16 . 2009-11-06 18:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-11-06 18:01 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-06 18:00 . 2009-11-06 18:00 -------- d-----w- c:\program files\Windows Defender
    2009-11-06 03:20 . 2009-11-06 03:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-11-05 21:54 . 2009-11-05 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2009-11-05 21:14 . 2009-11-05 21:23 -------- d-----w- c:\windows\BDOSCAN8
    2009-11-05 20:10 . 2009-11-05 20:10 -------- d-sh--w- c:\documents and settings\Sony Laptop\PrivacIE
    2009-11-05 18:39 . 2009-11-05 18:39 -------- d-sh--w- c:\documents and settings\Sony Laptop\IETldCache
    2009-11-02 23:43 . 2009-11-02 23:44 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-10-28 18:55 . 2009-10-28 18:55 -------- d-----w- c:\documents and settings\Sony Laptop\Local Settings\Application Data\SupportSoft
    2009-10-28 18:55 . 2009-10-28 18:55 -------- d-----w- c:\program files\Common Files\SupportSoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-15 22:26 . 2007-07-23 00:08 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\uTorrent
    2009-11-14 01:55 . 2009-08-02 20:07 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-11-14 01:49 . 2007-07-18 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-11-13 16:55 . 2007-09-27 18:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-13 16:55 . 2007-09-27 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-13 14:45 . 2009-01-02 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-28 16:37 . 2007-07-18 16:14 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\SoundSpectrum
    2009-10-28 15:43 . 2007-07-18 16:13 -------- d-----w- c:\program files\SoundSpectrum
    2009-10-11 14:52 . 2009-09-27 16:36 -------- d-----w- c:\program files\ffdshow
    2009-09-27 17:14 . 2009-09-27 17:14 -------- d-----w- c:\program files\ApecSoft
    2009-09-27 17:14 . 2009-09-27 16:59 80896 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\LZMA.dll
    2009-09-27 17:14 . 2009-09-27 16:59 5632 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\Swap.dll
    2009-09-27 17:14 . 2009-09-27 16:59 5120 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\Copy.dll
    2009-09-27 17:14 . 2009-09-27 16:59 18944 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\Branch.dll
    2009-09-27 17:14 . 2009-09-27 16:59 129024 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Formats\7z.dll
    2009-09-27 16:59 . 2009-09-27 16:59 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip
    2009-09-27 16:58 . 2009-09-27 16:58 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\avidemux
    2009-09-27 16:53 . 2009-09-27 16:51 -------- d-----w- c:\program files\Ultra Video Joiner
    2009-09-11 14:18 . 2005-12-12 06:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 14:54 . 2009-01-02 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 14:53 . 2009-01-02 17:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-04 21:03 . 2005-12-12 06:12 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-26 08:00 . 2005-12-12 06:13 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-17 23:33 . 2009-08-17 23:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2008-11-05 10:51 . 2009-07-18 12:28 203965 ----a-w- c:\program files\always-on-top.exe
    2008-04-14 00:12 . 2008-12-10 19:26 60416 --sha-w- c:\windows\BricoPacks\SysFiles\80_msimn.exe
    2008-02-17 13:04 . 2007-12-05 00:40 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 . 9784E0719124E4A23989AEF9E7CA02D6 . 975360 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    [-] 2004-08-10 . A5C1F2CF7C31874E66478910B43D6513 . 974336 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-11-13_14.30.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 19:41 . 2009-07-11 19:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    + 2007-04-16 21:45 . 2009-08-06 19:24 44768 c:\windows\system32\wups2.dll
    + 2005-12-12 15:28 . 2009-08-06 19:24 35552 c:\windows\system32\wups.dll
    + 2005-12-12 15:28 . 2009-08-06 19:24 53472 c:\windows\system32\wuauclt.exe
    + 2005-12-12 06:12 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
    + 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
    + 2005-12-12 06:12 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
    + 2005-12-12 06:12 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
    + 2009-11-15 22:35 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    + 2009-11-13 19:31 . 2009-08-06 19:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
    + 2009-11-13 19:31 . 2009-08-06 19:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
    + 2005-12-12 06:12 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
    + 2005-12-12 06:12 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
    + 2008-07-29 19:59 . 2008-07-29 19:59 43544 c:\windows\system32\PresentationHostProxy.dll
    + 2005-12-12 06:12 . 2009-11-15 22:43 83712 c:\windows\system32\perfc009.dat
    - 2007-10-24 00:47 . 2007-10-24 00:47 15360 c:\windows\system32\mui\0409\mscorees.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 15360 c:\windows\system32\mui\0409\mscorees.dll
    + 2005-12-12 15:25 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
    - 2005-12-12 15:25 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
    - 2005-12-12 06:12 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
    + 2005-12-12 06:12 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
    + 2005-12-12 15:25 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
    - 2005-12-12 15:25 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 83968 c:\windows\system32\mscories.dll
    + 2008-07-29 19:24 . 2008-07-29 19:24 97800 c:\windows\system32\infocardapi.dll
    + 2008-07-29 19:24 . 2008-07-29 19:24 11264 c:\windows\system32\icardres.dll
    + 2005-12-12 06:12 . 2009-07-29 04:37 81920 c:\windows\system32\fontsub.dll
    + 2005-12-12 06:12 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
    + 2005-12-12 15:28 . 2009-08-06 19:24 35552 c:\windows\system32\dllcache\wups.dll
    + 2005-12-12 15:28 . 2009-08-06 19:24 53472 c:\windows\system32\dllcache\wuauclt.exe
    + 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
    + 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
    + 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
    + 2009-06-25 08:25 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
    + 2005-12-12 06:12 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
    + 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
    + 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
    + 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
    + 2009-07-29 04:37 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
    + 2005-12-12 06:11 . 2009-08-06 19:24 96480 c:\windows\system32\dllcache\cdm.dll
    + 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
    + 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 96760 c:\windows\system32\dfshim.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 96760 c:\windows\system32\dfshim.dll
    + 2005-12-12 06:11 . 2009-08-06 19:24 96480 c:\windows\system32\cdm.dll
    + 2005-12-12 06:11 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
    - 2005-12-12 06:11 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
    + 2005-12-12 06:11 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
    - 2005-12-12 06:11 . 2008-04-14 00:11 58880 c:\windows\system32\atl.dll
    + 2008-07-29 23:40 . 2008-07-29 23:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    + 2008-07-29 23:40 . 2008-07-29 23:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
    + 2008-07-29 23:40 . 2008-07-29 23:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
    + 2008-07-29 23:40 . 2008-07-29 23:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
    + 2008-07-29 23:40 . 2008-07-29 23:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
    + 2008-07-29 23:40 . 2008-07-29 23:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
    + 2008-07-29 23:40 . 2008-07-29 23:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    + 2008-07-29 23:40 . 2008-07-29 23:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
    + 2008-07-29 23:40 . 2008-07-29 23:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
    + 2008-07-29 21:10 . 2008-07-29 21:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    + 2008-07-29 19:59 . 2008-07-29 19:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
    - 2007-10-09 11:58 . 2007-10-09 11:58 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
    + 2008-07-29 21:10 . 2008-07-29 21:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
    + 2008-07-29 19:32 . 2008-07-29 19:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
    + 2008-07-29 19:16 . 2008-07-29 19:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    - 2007-10-11 08:55 . 2007-10-11 08:55 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    + 2008-07-29 19:16 . 2008-07-29 19:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
    + 2008-07-29 19:16 . 2008-07-29 19:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
    + 2008-07-29 19:16 . 2008-07-29 19:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    - 2007-10-24 00:47 . 2007-10-24 00:47 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2008-07-25 11:17 . 2008-07-25 11:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    + 2008-07-25 11:17 . 2008-07-25 11:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    + 2008-07-25 11:17 . 2008-07-25 11:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    + 2008-07-25 11:17 . 2008-07-25 11:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    + 2008-07-25 11:17 . 2008-07-25 11:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
    + 2008-07-25 11:17 . 2008-07-25 11:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
    + 2008-07-25 11:17 . 2008-07-25 11:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 33792 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
    + 2008-07-25 11:17 . 2008-07-25 11:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
    + 2004-09-29 19:11 . 2009-06-24 12:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
    + 2004-10-07 18:36 . 2009-06-24 12:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-12-12 15:26 . 2009-06-23 22:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
    - 2005-12-12 15:26 . 2007-01-02 15:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
    + 2005-12-12 15:26 . 2009-06-23 22:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
    - 2005-12-12 15:26 . 2007-01-02 15:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
    - 2005-12-12 15:26 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
    + 2005-12-12 15:26 . 2009-06-23 22:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
    + 2005-12-12 15:26 . 2009-06-23 22:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
    - 2005-12-12 15:26 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2008-07-29 21:07 . 2008-07-29 21:07 23040 c:\windows\Installer\9899e.msp
    + 2009-11-15 22:32 . 2009-11-15 22:32 88576 c:\windows\Installer\47feb.msi
    - 2007-07-25 16:53 . 2008-12-22 14:25 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2007-07-25 16:53 . 2008-12-22 14:25 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2007-07-25 16:53 . 2008-12-22 14:25 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2006-10-26 20:13 . 2006-10-26 20:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
    + 2006-10-26 21:58 . 2006-10-26 21:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
    + 2006-10-26 19:55 . 2006-10-26 19:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANOST.EXE
    + 2006-10-26 19:55 . 2006-10-26 19:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RM.DLL
    + 2006-10-26 19:55 . 2006-10-26 19:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RECALL.DLL
    + 2006-10-26 19:09 . 2006-10-26 19:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
    + 2006-10-26 19:55 . 2006-10-26 19:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
    + 2006-10-26 19:55 . 2006-10-26 19:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
    + 2006-10-26 19:55 . 2006-10-26 19:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
    + 2009-11-15 22:33 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
    + 2009-11-13 21:17 . 2009-11-13 21:17 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_863428c6\System.Drawing.Design.dll
    + 2009-11-13 21:17 . 2009-11-13 21:17 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_4b42a849\CustomMarshalers.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f5c0e1b77c840d99a68897898317b79\UIAutomationProvider.ni.dll
    + 2009-11-15 22:43 . 2009-11-15 22:43 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9469981a17c01dd154c540127e678b35\PresentationFontCache.ni.exe
    + 2009-11-15 22:44 . 2009-11-15 22:44 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\487c1bc20f6e73e8e79503898d17d102\PresentationCFFRasterizer.ni.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f0e9a97ade4529d4caeccd467aa8e7db\Microsoft.VisualC.ni.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    + 2009-11-15 22:41 . 2009-11-15 22:41 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
    + 2009-11-15 22:36 . 2009-11-15 22:36 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    - 2008-07-30 18:21 . 2008-07-30 18:21 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    + 2009-11-15 22:36 . 2009-11-15 22:36 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
    + 2009-11-15 22:37 . 2009-11-15 22:37 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
    - 2008-07-30 18:21 . 2008-07-30 18:21 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2008-07-29 23:40 . 2008-07-29 23:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    + 2008-07-25 11:17 . 2008-07-25 11:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2005-12-12 15:26 . 2009-06-29 11:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
    - 2005-12-12 15:26 . 2007-01-02 15:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
    + 2009-11-15 22:40 . 2009-11-15 22:40 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2007-11-07 02:19 . 2007-11-07 02:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    + 2007-11-07 02:19 . 2007-11-07 02:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2007-11-06 21:23 . 2007-11-06 21:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
    + 2008-07-29 21:26 . 2008-07-29 21:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
     
  9. 2009/11/15
    kiranp

    + 2005-12-12 15:28 . 2009-08-06 19:24 209632 c:\windows\system32\wuweb.dll
    + 2005-12-12 15:28 . 2009-08-06 19:24 327896 c:\windows\system32\wucltui.dll
    + 2005-12-12 15:28 . 2009-08-06 19:23 575704 c:\windows\system32\wuapi.dll
    + 2005-12-12 06:13 . 2009-04-01 23:02 604160 c:\windows\system32\wmspdmod.dll
    + 2005-12-12 06:13 . 2009-07-13 23:43 286208 c:\windows\system32\wmpdxm.dll
    - 2005-12-12 06:12 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
    + 2005-12-12 06:12 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
    - 2005-12-12 06:12 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
    + 2005-12-12 06:12 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
    + 2005-12-12 15:25 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
    + 2005-12-12 15:25 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
    + 2005-12-12 15:25 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
    + 2005-12-12 06:12 . 2009-07-29 04:37 119808 c:\windows\system32\t2embed.dll
    + 2009-11-15 22:35 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
    + 2009-11-15 22:35 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
    + 2009-11-15 22:35 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
    + 2009-11-15 22:35 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
    + 2009-11-15 22:35 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
    + 2008-09-23 17:38 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
    - 2008-09-23 17:38 . 2007-05-15 08:08 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
    + 2008-09-23 17:38 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
    - 2008-09-23 17:38 . 2008-04-14 00:12 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
    + 2008-09-23 17:38 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
    + 2009-11-15 22:33 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
    + 2009-11-15 22:33 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
    + 2005-12-12 06:12 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
    + 2005-12-12 06:12 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
    + 2005-12-12 06:12 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
    + 2005-12-12 06:12 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
    + 2008-07-29 19:59 . 2008-07-29 19:59 781344 c:\windows\system32\PresentationNative_v0300.dll
    + 2008-07-29 20:35 . 2008-07-29 20:35 326160 c:\windows\system32\PresentationHost.exe
    + 2008-07-29 19:59 . 2008-07-29 19:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    + 2005-12-12 06:12 . 2009-11-15 22:43 471928 c:\windows\system32\perfh009.dat
    - 2005-12-12 06:12 . 2008-04-14 00:12 284160 c:\windows\system32\pdh.dll
    + 2005-12-12 06:12 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
    + 2005-12-12 06:12 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
    + 2005-12-12 06:12 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
    - 2005-12-12 15:25 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
    + 2005-12-12 15:25 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
    - 2005-12-12 15:25 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
    + 2005-12-12 15:25 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
    + 2005-12-12 15:25 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 158720 c:\windows\system32\mscorier.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 158720 c:\windows\system32\mscorier.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 282112 c:\windows\system32\mscoree.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 282112 c:\windows\system32\mscoree.dll
    + 2005-12-12 06:12 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
    + 2005-12-12 06:12 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
    + 2005-12-12 06:12 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
    - 2005-12-12 06:12 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
    + 2005-12-12 06:12 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
    + 2008-07-29 19:24 . 2008-07-29 19:24 622080 c:\windows\system32\icardagt.exe
    + 2005-12-12 06:12 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
    + 2005-12-12 15:28 . 2009-08-06 19:24 209632 c:\windows\system32\dllcache\wuweb.dll
    + 2005-12-12 15:28 . 2009-08-06 19:24 327896 c:\windows\system32\dllcache\wucltui.dll
    + 2005-12-12 15:28 . 2009-08-06 19:23 575704 c:\windows\system32\dllcache\wuapi.dll
    + 2005-12-12 06:13 . 2009-04-01 23:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
    + 2005-12-12 06:13 . 2009-07-13 23:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
    + 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
    + 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
    + 2009-07-29 04:37 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
    - 2005-12-12 06:13 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
    + 2005-12-12 06:13 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
    + 2008-12-08 15:53 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys
    + 2009-06-25 08:25 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
    + 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
    + 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
    + 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
    + 2009-06-25 08:25 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
    + 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
    + 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
    + 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
    - 2005-12-12 06:11 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
    + 2005-12-12 06:11 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
    + 2009-08-06 19:23 . 2009-08-06 19:23 215920 c:\windows\SoftwareDistribution\SelfUpdate\Registered\muweb.dll
    + 2009-08-06 19:23 . 2009-08-06 19:23 274288 c:\windows\SoftwareDistribution\SelfUpdate\Registered\mucltui.dll
    + 2008-07-29 23:40 . 2008-07-29 23:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
    + 2008-07-29 23:40 . 2008-07-29 23:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
    + 2009-11-15 22:39 . 2009-11-15 22:39 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
    + 2008-07-29 18:47 . 2008-07-29 18:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    + 2008-07-29 18:47 . 2008-07-29 18:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
    + 2008-07-29 23:15 . 2008-07-29 23:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
    + 2008-07-29 23:40 . 2008-07-29 23:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
    + 2008-07-29 23:40 . 2008-07-29 23:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
    + 2008-07-29 20:35 . 2008-07-29 20:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
    + 2008-07-29 19:59 . 2008-07-29 19:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    + 2008-07-29 19:16 . 2008-07-29 19:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
    + 2008-07-29 19:16 . 2008-07-29 19:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    + 2008-07-29 19:16 . 2008-07-29 19:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    + 2008-07-29 19:16 . 2008-07-29 19:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2008-07-29 19:16 . 2008-07-29 19:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
    + 2008-07-29 19:16 . 2008-07-29 19:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
    - 2007-10-11 08:55 . 2007-10-11 08:55 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
    + 2008-07-29 19:16 . 2008-07-29 19:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
    + 2008-07-29 19:24 . 2008-07-29 19:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    + 2008-07-29 19:16 . 2008-07-29 19:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 438272 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2008-07-25 11:17 . 2008-07-25 11:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 367104 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 998408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
    + 2008-07-25 11:16 . 2008-07-25 11:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
    - 2005-12-12 15:26 . 2004-07-19 18:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
    + 2005-12-12 15:26 . 2009-06-23 21:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
    - 2005-12-12 15:26 . 2008-04-13 16:09 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
    + 2005-12-12 15:26 . 2009-06-23 22:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
    + 2009-11-15 22:41 . 2009-11-15 22:41 648192 c:\windows\Installer\dc8f3.msi
    + 2008-07-29 21:23 . 2008-07-29 21:23 250880 c:\windows\Installer\989a7.msp
    + 2008-07-29 21:28 . 2008-07-29 21:28 278016 c:\windows\Installer\989a5.msp
    + 2008-07-29 19:40 . 2008-07-29 19:40 291840 c:\windows\Installer\989a3.msp
    + 2009-11-15 22:38 . 2009-11-15 22:38 137728 c:\windows\Installer\9899d.msi
    + 2008-07-29 17:35 . 2008-07-29 17:35 553472 c:\windows\Installer\47ff0.msp
    + 2008-07-29 17:33 . 2008-07-29 17:33 506368 c:\windows\Installer\47fee.msp
    + 2008-07-29 17:37 . 2008-07-29 17:37 911360 c:\windows\Installer\47fed.msp
    + 2009-11-14 01:48 . 2009-11-14 01:48 140288 c:\windows\Installer\26dbaa9.msi
    + 2009-05-26 18:53 . 2009-05-26 18:53 579072 c:\windows\Installer\173012e.msp
    + 2009-11-13 21:15 . 2009-11-13 21:15 248832 c:\windows\Installer\17300ea.msi
    - 2008-12-09 03:07 . 2008-12-09 03:07 217864 c:\windows\Installer\{90120000-00A4-0409-0000-0000000FF1CE}\misc.exe
    + 2009-11-13 21:30 . 2009-11-13 21:30 217864 c:\windows\Installer\{90120000-00A4-0409-0000-0000000FF1CE}\misc.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2007-07-25 16:53 . 2008-12-22 14:25 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2007-07-25 16:53 . 2008-12-22 14:25 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2007-07-25 16:53 . 2008-12-22 14:25 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2007-07-25 16:53 . 2008-12-22 14:25 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2007-07-25 16:53 . 2008-12-22 14:25 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2007-07-25 16:53 . 2008-12-22 14:25 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2007-07-25 16:53 . 2008-12-22 14:25 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-10-29 18:37 . 2008-10-29 18:37 461616 c:\windows\Installer\$PatchCache$\Managed\000021094A0090400000000000F01FEC\12.0.4518\OWC11PIA.DLL
    + 2006-10-27 14:16 . 2006-10-27 14:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
    + 2006-10-27 14:16 . 2006-10-27 14:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
    + 2006-10-26 19:55 . 2006-10-26 19:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
    + 2006-10-26 19:55 . 2006-10-26 19:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
    + 2006-10-26 19:55 . 2006-10-26 19:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
    + 2005-12-12 15:25 . 2009-08-18 10:55 179712 c:\windows\ehome\ehkeyctl.dll
    + 2009-11-15 22:33 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
    + 2009-11-15 22:33 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
    + 2009-11-15 22:33 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
    + 2009-11-15 22:33 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
    + 2009-11-15 22:33 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
    + 2009-11-13 21:17 . 2009-11-13 21:17 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_f805f229\System.Drawing.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\dbb2fcd246efaf3df823410597cd1677\UIAutomationTypes.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d255ab525d10d8fefe5df9ba092b2df8\UIAutomationClient.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
    + 2009-11-15 22:43 . 2009-11-15 22:43 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
    + 2009-11-15 22:43 . 2009-11-15 22:43 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
    + 2009-11-15 22:43 . 2009-11-15 22:43 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01dc643b54310ebc5ab7e4696df426bc\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\5f5d64dd0e7991aaaad2d98ee52afe42\System.Drawing.Design.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44de75caba2b9711b3d9030a30767f8b\System.DirectoryServices.Protocols.ni.dll
    + 2009-11-15 22:43 . 2009-11-15 22:43 970752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
    + 2009-11-15 22:43 . 2009-11-15 22:43 140800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ef1a93d10c3a91b728745dbfcc79c2c7\PresentationFramework.Classic.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b4dc4bd8534d90fbb7430926ad990cd9\PresentationFramework.Luna.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e71fd0d299c5668c96a54e4a63479fa\PresentationFramework.Aero.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\79c2fd29b1e46c943960278051b4e1b9\PresentationFramework.Royale.ni.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 225280 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2009-11-15 22:36 . 2009-11-15 22:36 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    - 2008-07-30 18:21 . 2008-07-30 18:21 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2009-11-15 22:36 . 2009-11-15 22:36 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    - 2008-07-30 18:21 . 2008-07-30 18:21 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2009-11-15 22:36 . 2009-11-15 22:36 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    - 2008-07-30 18:21 . 2008-07-30 18:21 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-11-15 22:35 . 2009-11-15 22:35 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
    - 2008-07-30 18:21 . 2008-07-30 18:21 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2009-11-15 22:35 . 2009-11-15 22:35 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    - 2008-07-30 18:21 . 2008-07-30 18:21 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
     
  10. 2009/11/15
    kiranp Inactive Thread Starter

    + 2009-11-15 22:40 . 2009-11-15 22:40 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
    - 2008-07-30 18:19 . 2008-07-30 18:19 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-11-15 22:35 . 2009-11-15 22:35 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2009-11-13 21:26 . 2009-11-13 21:26 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2009-11-13 21:30 . 2009-11-13 21:30 477032 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
    + 2009-11-13 19:44 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
    + 2005-12-12 15:28 . 2009-08-06 19:23 1929952 c:\windows\system32\wuaueng.dll
    - 2005-12-12 06:13 . 2008-06-18 05:03 2458112 c:\windows\system32\WMVCore.dll
    + 2005-12-12 06:13 . 2009-05-20 04:56 2458112 c:\windows\system32\WMVCore.dll
    + 2005-12-12 06:12 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
    + 2009-11-15 22:35 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
    + 2009-11-15 22:35 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
    + 2009-11-15 22:35 . 2008-07-06 17:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
    + 2009-11-15 22:35 . 2008-07-06 17:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
    + 2009-11-15 22:33 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
    + 2005-12-12 06:12 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
    - 2005-12-12 06:12 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
    + 2005-12-12 06:12 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
    + 2005-12-12 06:12 . 2009-06-03 19:09 1291264 c:\windows\system32\quartz.dll
    - 2005-12-12 06:12 . 2008-08-14 10:09 2145280 c:\windows\system32\ntoskrnl.exe
    + 2005-12-12 06:12 . 2009-08-04 15:13 2145280 c:\windows\system32\ntoskrnl.exe
    - 2004-08-03 22:59 . 2008-08-14 09:33 2023936 c:\windows\system32\ntkrnlpa.exe
    + 2004-08-03 22:59 . 2009-08-04 14:20 2023936 c:\windows\system32\ntkrnlpa.exe
    + 2005-12-12 15:25 . 2009-06-10 09:19 2066432 c:\windows\system32\mstscax.dll
    - 2005-12-12 15:19 . 2009-05-01 15:07 1745216 c:\windows\system32\FNTCACHE.DAT
    + 2005-12-12 15:19 . 2009-11-14 01:55 1745216 c:\windows\system32\FNTCACHE.DAT
    + 2005-12-12 15:28 . 2009-08-06 19:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
    + 2005-12-12 06:13 . 2009-05-20 04:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
    - 2005-12-12 06:13 . 2008-06-18 05:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
    + 2008-12-08 15:54 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
    + 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
    + 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
    + 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
    - 2008-12-08 15:49 . 2008-08-14 10:11 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-12-08 15:49 . 2009-08-04 20:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-12-08 15:49 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
    - 2008-12-08 15:49 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-12-08 15:49 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2008-12-08 15:49 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2008-12-08 15:49 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-12-08 15:49 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2005-12-12 15:25 . 2009-06-10 09:19 2066432 c:\windows\system32\dllcache\mstscax.dll
    + 2008-07-29 23:40 . 2008-07-29 23:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
    + 2008-07-29 18:47 . 2008-07-29 18:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
    + 2008-07-29 18:47 . 2008-07-29 18:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
    + 2008-07-29 23:40 . 2008-07-29 23:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
    + 2008-07-29 19:59 . 2008-07-29 19:59 1738760 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
    + 2008-07-29 19:16 . 2008-07-29 19:16 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
    - 2007-10-24 00:47 . 2007-10-24 00:47 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    - 2007-10-24 00:47 . 2007-10-24 00:47 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2008-07-25 11:17 . 2008-07-25 11:17 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 5238784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 5815296 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2008-07-25 11:17 . 2008-07-25 11:17 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2008-07-25 11:16 . 2008-07-25 11:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
    - 2005-12-12 15:26 . 2007-01-02 15:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
    + 2005-12-12 15:26 . 2009-06-29 11:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
    - 2005-12-12 15:26 . 2007-12-17 11:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    + 2005-12-12 15:26 . 2009-06-23 22:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    - 2005-12-12 15:26 . 2007-12-17 11:58 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
    + 2005-12-12 15:26 . 2009-06-23 22:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
    + 2005-12-12 15:26 . 2009-06-29 11:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
    - 2005-12-12 15:26 . 2007-01-02 15:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
    + 2008-07-29 19:26 . 2008-07-29 19:26 1043456 c:\windows\Installer\989a6.msp
    + 2008-07-29 20:37 . 2008-07-29 20:37 2679808 c:\windows\Installer\989a4.msp
    + 2008-07-29 21:15 . 2008-07-29 21:15 3697664 c:\windows\Installer\989a2.msp
    + 2008-07-29 19:34 . 2008-07-29 19:34 1448448 c:\windows\Installer\989a1.msp
    + 2008-07-29 20:22 . 2008-07-29 20:22 4137984 c:\windows\Installer\989a0.msp
    + 2008-07-29 19:18 . 2008-07-29 19:18 3376640 c:\windows\Installer\9899f.msp
    + 2008-07-29 17:45 . 2008-07-29 17:45 2543616 c:\windows\Installer\47ff4.msp
    + 2008-07-29 17:29 . 2008-07-29 17:29 2926080 c:\windows\Installer\47ff3.msp
    + 2008-07-29 17:41 . 2008-07-29 17:41 6487040 c:\windows\Installer\47ff2.msp
    + 2008-07-29 17:39 . 2008-07-29 17:39 3403264 c:\windows\Installer\47ff1.msp
    + 2008-07-29 17:43 . 2008-07-29 17:43 1013248 c:\windows\Installer\47fef.msp
    + 2008-07-29 17:31 . 2008-07-29 17:31 6083072 c:\windows\Installer\47fec.msp
    + 2009-10-16 07:03 . 2009-10-16 07:03 5003776 c:\windows\Installer\26dbabf.msp
    + 2009-05-26 18:54 . 2009-05-26 18:54 4192768 c:\windows\Installer\1730219.msp
    + 2009-08-18 12:58 . 2009-08-18 12:58 8301056 c:\windows\Installer\17301fd.msp
    + 2009-07-02 16:22 . 2009-07-02 16:22 4854272 c:\windows\Installer\17301e5.msp
    + 2009-04-24 12:30 . 2009-04-24 12:30 2583552 c:\windows\Installer\17301dc.msp
    + 2009-02-25 19:08 . 2009-02-25 19:08 8311808 c:\windows\Installer\17301af.msp
    + 2009-08-05 07:49 . 2009-08-05 07:49 3457024 c:\windows\Installer\17301a7.msp
    + 2009-04-24 12:28 . 2009-04-24 12:28 4450816 c:\windows\Installer\173018e.msp
    + 2009-07-27 04:31 . 2009-07-27 04:31 3738624 c:\windows\Installer\1730161.msp
    + 2009-08-18 12:57 . 2009-08-18 12:57 9122304 c:\windows\Installer\1730158.msp
    + 2009-08-18 13:08 . 2009-08-18 13:08 1373696 c:\windows\Installer\1730117.msp
    + 2009-04-24 12:29 . 2009-04-24 12:29 9013760 c:\windows\Installer\17300a7.msp
    - 2007-07-25 16:53 . 2008-12-22 14:25 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2007-07-25 16:53 . 2009-11-14 01:49 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2007-07-25 16:53 . 2008-12-22 14:25 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2007-08-24 04:32 . 2007-08-24 04:32 7049616 c:\windows\Installer\$PatchCache$\Managed\000021094A0090400000000000F01FEC\12.0.6213\OWC11.DLL
    + 2007-08-24 06:10 . 2007-08-24 06:10 3735424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWER.DLL
    + 2007-08-24 06:10 . 2007-08-24 06:10 1846160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
    + 2007-08-23 00:03 . 2007-08-23 00:03 1195888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FM20.DLL
    + 2008-12-08 15:49 . 2009-08-04 20:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
    - 2008-12-08 15:49 . 2008-08-14 10:11 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-12-08 15:49 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2008-12-08 15:49 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2008-12-08 15:49 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-12-08 15:49 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-12-08 15:49 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    - 2008-12-08 15:49 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2009-11-13 21:17 . 2009-11-13 21:17 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_f88b96ec\System.dll
    + 2009-11-13 21:18 . 2009-11-13 21:18 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_47952f9f\System.Xml.dll
    + 2009-11-13 21:18 . 2009-11-13 21:18 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_0c50fdd8\System.Windows.Forms.dll
    + 2009-11-13 21:17 . 2009-11-13 21:17 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_c34f7e7b\System.Design.dll
    + 2009-11-13 21:17 . 2009-11-13 21:17 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_7bfb0aea\mscorlib.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 3311104 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\df20e56b59b1b1a595af305ddc0777ba\WindowsBase.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\8698f073a59ef0db10a3258b1f1deaee\UIAutomationClientsideProviders.ni.dll
    + 2009-11-15 22:43 . 2009-11-15 22:43 7867392 c:\windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
    + 2009-11-15 22:43 . 2009-11-15 22:43 5449728 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 1840128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\db428f231a2ccaf490ae219efd2edc69\System.Printing.ni.dll
    + 2009-11-15 22:43 . 2009-11-15 22:43 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 6614016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
    + 2009-11-15 22:43 . 2009-11-15 22:43 2508800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\57f7cf02ea17b36bc3d9c75c22d0f551\System.Data.OracleClient.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 2510848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\fa206c73f39721cd2c55829b9853de44\System.Data.Linq.ni.dll
    + 2009-11-15 22:46 . 2009-11-15 22:46 2294784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 2125824 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\5c59991df60164cae10fd81b88a8e5b1\ReachFramework.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 1656832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\87fb973e4ab6a21fd00e45656fa7c115\PresentationUI.ni.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b6bfb51dec7f8cc42c21c5928470c773\PresentationBuildTasks.ni.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2009-11-15 22:36 . 2009-11-15 22:36 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2009-11-15 22:40 . 2009-11-15 22:40 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 5238784 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2009-11-15 22:37 . 2009-11-15 22:37 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2009-11-15 22:31 . 2009-11-15 22:31 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2009-11-13 21:17 . 2009-11-13 21:17 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    - 2008-12-09 10:30 . 2008-12-09 10:30 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    + 2005-12-12 06:13 . 2009-07-13 23:43 10841088 c:\windows\system32\wmp.dll
    + 2009-11-13 21:30 . 2009-11-05 09:36 26768832 c:\windows\system32\MRT.exe
    + 2005-12-12 06:13 . 2009-07-13 23:43 10841088 c:\windows\system32\dllcache\wmp.dll
    + 2009-11-13 21:20 . 2009-11-13 21:20 15709696 c:\windows\Installer\1730137.msp
    + 2009-02-25 19:07 . 2009-02-25 19:07 11646464 c:\windows\Installer\1730100.msp
    + 2009-08-18 12:50 . 2009-08-18 12:50 12022272 c:\windows\Installer\17300e3.msp
    + 2009-11-15 22:33 . 2009-11-15 22:33 11481088 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9A.tmp\mscorlib.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 12428800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 11791360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 10681344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\204db7071fb26343b0fd3f3d140c0bf8\System.Design.ni.dll
    + 2009-11-15 22:45 . 2009-11-15 22:45 14320128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9519494798a88867406b5755e1dbded6\PresentationFramework.ni.dll
    + 2009-11-15 22:44 . 2009-11-15 22:44 12213248 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\12dcb10b76012416357bdbb010fdaa97\PresentationCore.ni.dll
    + 2009-11-15 22:42 . 2009-11-15 22:42 11485184 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-02-19 00:00 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-02 289584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-11-28 217088]
    "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-18 950664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-29 86016]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWinKeys"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-09-23 14:24 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Sony Laptop^Start Menu^Programs^Startup^.lnk]
    path=c:\documents and settings\Sony Laptop\Start Menu\Programs\Startup\.lnk
    backup=c:\windows\pss\.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\WINDOWS\\ehome\\ehshell.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Apoint\\ApntEx.exe"=
    "c:\\Program Files\\Qtracker\\qtracker.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Spotify\\spotify.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "28900:TCP"= 28900:TCP:ut
    "27900:UDP"= 27900:UDP:ut sw
    "56566:TCP"= 56566:TCP:emule2
    "9998:UDP"= 9998:UDP:emule udp
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "5656:UDP"= 5656:UDP:gremote
    "5656:TCP"= 5656:TCP:5656

    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [18/07/2007 16:53 15424]
    R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23/01/2004 15:33 13952]
    R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23/01/2004 15:32 28800]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/12/2005 06:13 28800]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [12/12/2005 06:13 808448]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\SONYLA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\SONYLA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21/12/2007 16:57 13352]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
    S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\rt2500usb.sys [29/08/2007 21:03 241536]
    S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - FONTCACHE3.0.0.0
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-15 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-09-27 13:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
    uInternet Settings,ProxyServer = http=217.65.158.65:8080
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    LSP: c:\windows\system32\imon.dll
    DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0}
    FF - ProfilePath - c:\documents and settings\Sony Laptop\Application Data\Mozilla\Firefox\Profiles\axj4qchx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL -
    FF - plugin: c:\documents and settings\Sony Laptop\Application Data\Mozilla\Firefox\Profiles\axj4qchx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-15 22:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A599D78]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\atapi -> 0x8a599d78
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK
    Use "Recovery Console" command "fixmbr" to clear infection !

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1428)
    c:\windows\system32\VESWinlogon.dll

    - - - - - - - > 'lsass.exe'(1484)
    c:\windows\system32\imon.dll
    .
    Completion time: 2009-11-15 22:48
    ComboFix-quarantined-files.txt 2009-11-15 22:48
    ComboFix2.txt 2009-11-13 14:37

    Pre-Run: 22,321,438,720 bytes free
    Post-Run: 22,216,929,280 bytes free

    - - End Of File - - 6EBF51B80A8B4FD611094FB72C9F0A27
     
  11. 2009/11/15
    kiranp Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:58:48, on 15/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Sony Laptop\Desktop\HijackThis(2).exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=217.65.158.65:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
    O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} -
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe

    --
    End of file - 11042 bytes
     
  12. 2009/11/15
    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    KillAll::
    
    Mbr::
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  13. 2009/11/15
    kiranp Inactive Thread Starter

    ComboFix 09-11-16.03 - Sony Laptop 16/11/2009 1:30.8.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1495 [GMT 0:00]
    Running from: c:\documents and settings\Sony Laptop\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Sony Laptop\Desktop\CFScript.txt
    AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
    .

    2009-11-15 22:33 . 2009-11-15 22:35 -------- d-----w- C:\6a4f39fbad56763de7eced
    2009-11-15 22:29 . 2009-11-15 22:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-11-13 19:42 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2009-11-13 19:42 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2009-11-13 19:42 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2009-11-13 19:42 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2009-11-13 19:42 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2009-11-13 19:42 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2009-11-13 19:42 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2009-11-13 19:42 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-11-13 19:42 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2009-11-13 19:40 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-11-13 19:38 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-11-13 19:38 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2009-11-06 18:35 . 2009-11-06 18:36 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\Notepad++
    2009-11-06 18:35 . 2009-11-06 18:35 -------- d-----w- c:\program files\Notepad++
    2009-11-06 18:16 . 2009-11-06 18:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-11-06 18:01 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-06 18:00 . 2009-11-06 18:00 -------- d-----w- c:\program files\Windows Defender
    2009-11-06 03:20 . 2009-11-06 03:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-11-05 21:54 . 2009-11-05 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2009-11-05 21:14 . 2009-11-05 21:23 -------- d-----w- c:\windows\BDOSCAN8
    2009-11-05 20:10 . 2009-11-05 20:10 -------- d-sh--w- c:\documents and settings\Sony Laptop\PrivacIE
    2009-11-05 18:39 . 2009-11-05 18:39 -------- d-sh--w- c:\documents and settings\Sony Laptop\IETldCache
    2009-11-02 23:43 . 2009-11-02 23:44 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-10-28 18:55 . 2009-10-28 18:55 -------- d-----w- c:\documents and settings\Sony Laptop\Local Settings\Application Data\SupportSoft
    2009-10-28 18:55 . 2009-10-28 18:55 -------- d-----w- c:\program files\Common Files\SupportSoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-16 03:58 . 2007-07-23 00:08 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\uTorrent
    2009-11-16 03:58 . 2007-07-08 07:52 88568 ----a-w- c:\documents and settings\Sony Laptop\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-14 01:55 . 2009-08-02 20:07 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-11-14 01:49 . 2007-07-18 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-11-13 16:55 . 2007-09-27 18:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-13 16:55 . 2007-09-27 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-13 14:45 . 2009-01-02 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-28 16:37 . 2007-07-18 16:14 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\SoundSpectrum
    2009-10-28 15:43 . 2007-07-18 16:13 -------- d-----w- c:\program files\SoundSpectrum
    2009-10-11 14:52 . 2009-09-27 16:36 -------- d-----w- c:\program files\ffdshow
    2009-09-27 17:14 . 2009-09-27 17:14 -------- d-----w- c:\program files\ApecSoft
    2009-09-27 17:14 . 2009-09-27 16:59 80896 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\LZMA.dll
    2009-09-27 17:14 . 2009-09-27 16:59 5632 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\Swap.dll
    2009-09-27 17:14 . 2009-09-27 16:59 5120 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\Copy.dll
    2009-09-27 17:14 . 2009-09-27 16:59 18944 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Codecs\Branch.dll
    2009-09-27 17:14 . 2009-09-27 16:59 129024 ----a-w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip\Formats\7z.dll
    2009-09-27 16:59 . 2009-09-27 16:59 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\Seven Zip
    2009-09-27 16:58 . 2009-09-27 16:58 -------- d-----w- c:\documents and settings\Sony Laptop\Application Data\avidemux
    2009-09-27 16:53 . 2009-09-27 16:51 -------- d-----w- c:\program files\Ultra Video Joiner
    2009-09-11 14:18 . 2005-12-12 06:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 14:54 . 2009-01-02 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 14:53 . 2009-01-02 17:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-04 21:03 . 2005-12-12 06:12 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-26 08:00 . 2005-12-12 06:13 247326 ----a-w- c:\windows\system32\strmdll.dll
    2008-11-05 10:51 . 2009-07-18 12:28 203965 ----a-w- c:\program files\always-on-top.exe
    2008-04-14 00:12 . 2008-12-10 19:26 60416 --sha-w- c:\windows\BricoPacks\SysFiles\80_msimn.exe
    2008-02-17 13:04 . 2007-12-05 00:40 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 . 9784E0719124E4A23989AEF9E7CA02D6 . 975360 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    [-] 2004-08-10 . A5C1F2CF7C31874E66478910B43D6513 . 974336 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot_2009-11-15_22.46.31 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-10-14 15:43 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b5a285233229bb4f9d9831ebf27fe9ac\System.Windows.Presentation.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e2a7113434da494a846a8f4e4ac5e9\System.Web.DynamicData.Design.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a8e047504bdad9ec14efd483574b0dd5\System.ComponentModel.DataAnnotations.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f2b48eab657b4ef1d19dac11bdf0c913\System.AddIn.Contract.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\28ea74096df47800fe2c78bb2b9a4f2a\Microsoft.Vsa.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
    + 2006-10-14 19:21 . 2008-07-06 12:06 575488 c:\windows\system32\xpsshhdr.dll
    + 2006-10-14 15:44 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    + 2006-10-14 15:43 . 2008-07-06 12:06 117760 c:\windows\system32\prntvpt.dll
    + 2006-10-14 19:21 . 2008-07-06 12:06 575488 c:\windows\system32\dllcache\xpsshhdr.dll
    + 2006-10-14 15:44 . 2008-07-06 10:50 597504 c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    + 2009-11-15 22:54 . 2009-11-15 22:54 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
    + 2009-11-15 22:46 . 2009-11-15 22:46 239616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a18dff8832712a0f6cccaaefbcc45861\WindowsFormsIntegration.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\18e1acd6761195389db42bab83169fd2\System.Web.Routing.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 858112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f288f2cb75465c0f45154079365af9e8\System.Web.Extensions.Design.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bbdc5cb2f2f92fd610de7331d748193a\System.Web.Entity.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ca1ce755bb49324c7d275c426188a28f\System.Web.Entity.Design.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 542720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aff5e0fa23e49ee75e458408c1f66da2\System.Web.DynamicData.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\fbe60d84b9f1ab74e396fb1507f69615\System.Web.Abstractions.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 620032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\eabe1915c13467e1e66e2b073bcb842f\System.Net.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\643e95098a9ce99a598d3419b5ce157f\System.Messaging.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1db9deebde7c96b2874b4ffccac2f48e\System.Management.Instrumentation.ni.dll
    + 2009-11-15 22:48 . 2009-11-15 22:48 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\bcfccfa22245d2223a764611c61a7cb9\System.IO.Log.ni.dll
    + 2009-11-15 22:48 . 2009-11-15 22:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\be8c7482f1e78a3b4984af9082d455a7\System.IdentityModel.Selectors.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c205bbbb88bfa4bd5e274f43ea0013cb\System.DirectoryServices.AccountManagement.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 939520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d3aed340a6562196ca40978556fb29d1\System.Data.Services.Client.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3cb9c5203e50cb6af99b163522e9357c\System.Data.Services.Design.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 755200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\9867484f25281882e61f61066fa651a3\System.Data.Entity.Design.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 632832 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b01721205312c6c18df033cc47b60e5c\System.AddIn.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\6e07cc846884a853b910775fcec87ced\sysglobl.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe
    + 2009-11-15 22:54 . 2009-11-15 22:54 255488 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe
    + 2009-11-15 22:54 . 2009-11-15 22:54 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
    + 2009-11-15 22:54 . 2009-11-15 22:54 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\539e297cc9bc67fbf2fbdc9dc5fcd0f1\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 838656 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 409600 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe
    + 2009-11-15 22:54 . 2009-11-15 22:54 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll
    + 2006-10-14 19:22 . 2008-07-06 12:06 1676288 c:\windows\system32\xpssvcs.dll
    - 2005-12-12 15:19 . 2009-11-14 01:55 1745216 c:\windows\system32\FNTCACHE.DAT
    + 2005-12-12 15:19 . 2009-11-16 03:57 1745216 c:\windows\system32\FNTCACHE.DAT
    + 2006-10-14 19:22 . 2008-07-06 12:06 1676288 c:\windows\system32\dllcache\xpssvcs.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 1355264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\43911ac4e29949c57560eee5cb7b76c2\System.WorkflowServices.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 1904128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6d0966370023925610756f368140b947\System.Workflow.Runtime.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 4510720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9de33f5786cd15e220f47b916c5a15e9\System.Workflow.ComponentModel.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 2989568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d6cc33db5d526553ffbbfd1d372a8493\System.Workflow.Activities.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 2400256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6a20b64ad8e2aaa2f40d67ff01fcc708\System.Web.Extensions.ni.dll
    + 2009-11-15 22:56 . 2009-11-15 22:56 1912832 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2e7a6c977ac9f8d46ebe2982697a0c8d\System.Speech.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a3adabee8e63dc76f65710a9c32175fc\System.ServiceModel.Web.ni.dll
    + 2009-11-15 22:48 . 2009-11-15 22:48 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
    + 2009-11-15 22:48 . 2009-11-15 22:48 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6f298259c87cc6c7318d931f52f053c5\System.Data.Services.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 9903104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\8c050147d7031f912f6ca2b15550173f\System.Data.Entity.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 1711104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\21bb6244c91b6207fbcb038884a641ef\Microsoft.Transactions.Bridge.ni.dll
    + 2009-11-15 22:55 . 2009-11-15 22:55 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7d61e63dea85f4f77ea4c13df7651ec7\Microsoft.JScript.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 1965568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
    + 2009-11-15 22:54 . 2009-11-15 22:54 1886208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll
    + 2009-11-15 22:48 . 2009-11-15 22:48 17313792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-02-19 00:00 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-02 289584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-11-28 217088]
    "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-18 950664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-29 86016]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWinKeys"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-09-23 14:24 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Sony Laptop^Start Menu^Programs^Startup^.lnk]
    path=c:\documents and settings\Sony Laptop\Start Menu\Programs\Startup\.lnk
    backup=c:\windows\pss\.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\WINDOWS\\ehome\\ehshell.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Apoint\\ApntEx.exe"=
    "c:\\Program Files\\Qtracker\\qtracker.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Spotify\\spotify.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "28900:TCP"= 28900:TCP:ut
    "27900:UDP"= 27900:UDP:ut sw
    "56566:TCP"= 56566:TCP:emule2
    "9998:UDP"= 9998:UDP:emule udp
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "5656:UDP"= 5656:UDP:gremote
    "5656:TCP"= 5656:TCP:5656

    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [18/07/2007 16:53 15424]
    R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23/01/2004 15:33 13952]
    R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23/01/2004 15:32 28800]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/12/2005 06:13 28800]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [12/12/2005 06:13 808448]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\SONYLA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\SONYLA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21/12/2007 16:57 13352]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
    S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\rt2500usb.sys [29/08/2007 21:03 241536]
    S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-16 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-09-27 13:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
    uInternet Settings,ProxyServer = http=217.65.158.65:8080
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    LSP: c:\windows\system32\imon.dll
    DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0}
    FF - ProfilePath - c:\documents and settings\Sony Laptop\Application Data\Mozilla\Firefox\Profiles\axj4qchx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL -
    FF - plugin: c:\documents and settings\Sony Laptop\Application Data\Mozilla\Firefox\Profiles\axj4qchx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-16 03:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4744D8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\atapi -> 0x8a4744d8
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK
    Use "Recovery Console" command "fixmbr" to clear infection !

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1428)
    c:\windows\system32\VESWinlogon.dll

    - - - - - - - > 'lsass.exe'(1484)
    c:\windows\system32\imon.dll

    - - - - - - - > 'explorer.exe'(324)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Apoint\Apntex.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\MsiExec.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-16 04:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-16 04:09
    ComboFix2.txt 2009-11-15 22:48
    ComboFix3.txt 2009-11-13 14:37

    Pre-Run: 22,218,039,296 bytes free
    Post-Run: 21,297,270,784 bytes free

    - - End Of File - - E876EB4CE6AF976723A9E110130CF3D6
     
  14. 2009/11/15
    kiranp

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:14:37, on 16/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Sony Laptop\Desktop\sldimdist.exe
    C:\Documents and Settings\Sony Laptop\Desktop\HijackThis(2).exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=217.65.158.65:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
    O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} -
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe

    --
    End of file - 11103 bytes
     
  15. 2009/11/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Restart computer.


    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on X in the upper right corner.


    Post a fresh HijackThis log as well.
     
  16. 2009/11/18
    kiranp

    kiranp Inactive Thread Starter

    Joined:
    2008/12/03
    Messages:
    18
    Likes Received:
    0
    I ran Dr.Web, it finished the scan and it mentioned that no viruses were found, but when I proceeded to save a log file as mentioned the option was greyed out so I couldn't create one.

    Here's the hijack log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:20:30, on 18/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Documents and Settings\Sony Laptop\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-EFG\Setup.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Sony Laptop\Desktop\HijackThis(2).exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=217.65.158.65:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe "
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
    O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} -
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe

    --
    End of file - 11389 bytes
     
  17. 2009/11/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very well then :)

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ================================================================

    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    ================================================================

    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    =============================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    - O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    - O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    - O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} -



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    - O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    - O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe "



    5. Click on the Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
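
The check-and-verify loop in steps 3 to 7 above, as an added example (not part of the original thread and not a HijackThis feature): a Python parser for HijackThis entry lines that lists entries whose target is missing and confirms that the checked entries are gone from the follow-up log. The "orphan" heuristics and the follow-up log are assumptions constructed for illustration; flagged entries are candidates for a helper's review, not a verdict.

```python
import re

# "<code> - <text>", e.g. "O2 - BHO: ...". An optional leading "- " covers
# entries quoted as a bullet list in a helper's reply.
ENTRY_RE = re.compile(r"^\s*(?:-\s+)?([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return (code, text) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def normalise(entry):
    """Comparison key: section code plus whitespace-collapsed, case-folded text."""
    code, text = entry
    return code, " ".join(text.split()).casefold()


def find_orphans(entries):
    """Entries pointing at nothing (heuristics are this example's assumption)."""
    hits = []
    for code, text in entries:
        if text.endswith("(no file)"):
            hits.append((code, text, "target file missing"))
        elif code == "O16" and re.fullmatch(r"DPF: \{[0-9A-Fa-f-]+\} -", text):
            hits.append((code, text, "no control name or source URL"))
    return hits


def still_present(checked_text, followup_log):
    """Checked entries that survive in the follow-up log (expected: none)."""
    present = {normalise(e) for e in parse_entries(followup_log)}
    return [e for e in parse_entries(checked_text) if normalise(e) in present]


# Lines copied from the log in post 16 (excerpt).
POST16_EXCERPT = r"""
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# Entries from step 3 of post 17, in the bullet form used there.
CHECKED = r"""
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
- O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} -
"""

# Constructed follow-up log (not from the thread): one checked entry was not removed.
FOLLOWUP = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

if __name__ == "__main__":
    for code, text, why in find_orphans(parse_entries(POST16_EXCERPT)):
        print(f"review: {code} - {text}  [{why}]")
    for code, text in still_present(CHECKED, FOLLOWUP):
        print(f"not removed: {code} - {text}")
```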
     
