Virus fklzjz.exe

  1. #11
    rioncks (Junior Member)

    re: Virus fklzjz.exe

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4304

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    12/07/2010 11:40:44 AM
    mbam-log-2010-07-12 (11-40-44).txt

    Scan type: Quick scan
    Objects scanned: 139788
    Time elapsed: 12 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Nothing detected. I guess my notebook is free from spyware or virus. Let's see if it comes back or not, as sometimes the file will pop back out.
    Will update as case closed if there is no sign of the spyware or virus.
    Thanks


  2. #12
    broni (Senior Member)
    No, no, it doesn't work that way. I'll tell you, when you're good to go.
    I still need Attach.txt part of DDS log and GMER log.

  3. #13
    rioncks (Junior Member)
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 03/02/2010 3:52:10 PM
    System Uptime: 07/10/2010 10:57:17 AM (-2087 hours ago)

    Motherboard: Hewlett-Packard | | 30DB
    Processor: Intel Pentium III Xeon processor | Intel(R) Genuine processor | 790/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 24 GiB total, 6.121 GiB free.
    D: is FIXED (NTFS) - 125 GiB total, 94.518 GiB free.
    E: is CDROM ()
    X: is NetworkDisk (NTFS) - 127 GiB total, 2.933 GiB free.
    Y: is NetworkDisk (NTFS) - 1397 GiB total, 1150.765 GiB free.
    Z: is NetworkDisk (NTFS) - 1397 GiB total, 1150.765 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\1122334455667788
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\1122334455667788
    Service: NIC1394

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems SSL VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems SSL VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CSVirtA

    ==== System Restore Points ===================

    RP122: 04/06/2010 10:11:15 AM - System Checkpoint
    RP123: 04/06/2010 12:00:20 PM - Software Distribution Service 3.0
    RP124: 05/06/2010 8:42:24 PM - System Checkpoint
    RP125: 07/06/2010 8:39:48 PM - System Checkpoint
    RP126: 10/06/2010 11:04:21 AM - System Checkpoint
    RP127: 11/06/2010 12:05:09 PM - System Checkpoint
    RP128: 13/06/2010 3:14:09 PM - System Checkpoint
    RP129: 17/06/2010 1:35:35 PM - System Checkpoint
    RP130: 18/06/2010 12:00:30 PM - Software Distribution Service 3.0
    RP131: 22/06/2010 5:53:51 PM - System Checkpoint
    RP132: 23/06/2010 9:55:07 AM - Installed iTunes
    RP133: 26/06/2010 6:43:50 PM - System Checkpoint
    RP134: 28/06/2010 11:17:01 AM - System Checkpoint
    RP135: 28/06/2010 3:38:18 PM - Installed Adobe Acrobat 9 Standard.
    RP136: 01/07/2010 10:29:01 AM - System Checkpoint
    RP137: 02/07/2010 1:43:03 PM - System Checkpoint
    RP138: 04/07/2010 6:09:44 PM - System Checkpoint
    RP139: 05/07/2010 9:51:07 PM - System Checkpoint
    RP140: 07/07/2010 6:55:04 PM - System Checkpoint
    RP141: 09/07/2010 12:00:20 PM - Software Distribution Service 3.0
    RP142: 10/07/2010 11:03:54 PM - System Checkpoint
    RP143: 12/07/2010 9:23:01 AM - System Checkpoint

    ==== Installed Programs ======================


    32 Bit HP CIO Components Installer
    6425
    Acrobat.com
    Adobe Acrobat 9 Standard
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    Agere Systems HDA Modem
    Any Video Converter 3.0.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec Fingerprint System
    Autodesk Design Review 2009
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    CCleaner (remove only)
    Cisco SSL VPN Client
    Compatibility Pack for the 2007 Office system
    CutePDF Writer 2.8
    DWG TrueView 2009
    Embedded Security for HP ProtectTools Driver
    FastStone Photo Resizer 2.9
    Google Chrome
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB969084)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP 3D DriveGuard
    HP Integrated Module with Bluetooth wireless technology
    HP Quick Launch Buttons 6.40 E1
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections Drivers
    InterVideo Register Manager
    InterVideo WinDVD
    IrfanView (remove only)
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Java Auto Updater
    Java(TM) 6 Update 19
    K-Lite Mega Codec Pack 5.0.5
    Learning Content Development System
    LiveUpdate 3.2 (Symantec Corporation)
    Lotus Notes 7.0.2
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.6)
    MpcStar 1.9
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB925673)
    Nero 7 Ultra Edition
    Personal Data Keeper
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    RICOH R5C853 Media Driver Ver.1.02.00.06b
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Media Manager
    runtime
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Sonic Activation Module
    SoundMAX
    SUPERAntiSpyware Free Edition
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    UltraVNC 1.0.5.6
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    VBA (2720)
    Viewpoint Media Player
    Visual CertExam Suite 1.9
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Server 2003 Service Pack 2 Administration Tools Pack
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    YouTube Downloader Toolbar v1.0
    ZipGenius 6 (6.0.3.1150)

    ==== Event Viewer Messages From Past Week ========

    08/07/2010 12:03:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
    08/07/2010 11:49:44 AM, error: Service Control Manager [7034] - The Cisco Systems, Inc. STC Agent service terminated unexpectedly. It has done this 1 time(s).
    07/07/2010 7:47:27 AM, error: NETLOGON [5719] - No Domain Controller is available for domain ATCKL due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    06/07/2010 538 PM, error: PlugPlayManager [12] - The device 'Communications Port (COM1)' (ACPI\PNP0501\5&230c8cd&0) disappeared from the system without first being prepared for removal.
    05/07/2010 8:34:42 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001E6503CC1E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================

  4. #14
    broni (Senior Member)
    ...and GMER...

  5. #15
    rioncks (Junior Member)
    GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
    Rootkit quick scan 2010-07-12 12:57:56
    Windows 5.1.2600 Service Pack 3
    Running: rnrb5y9p.exe; Driver: C:\DOCUME~1\RIONCH~1\LOCALS~1\Temp\awtdrpod.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----

    Just found out that the file popped out again. Suspect that the network is infected cos it's inside a shared folder of mine.

  6. #16
    broni (Senior Member)
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  7. #17
    rioncks (Junior Member)
    ComboFix 10-07-12.02 - Rion Chong 13/07/2010 10:04:42.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2972.1455 [GMT 8:00]
    Running from: c:\documents and settings\Rion Chong\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
    .

    2010-07-12 03:21 . 2010-07-12 03:21 -------- d-----w- c:\documents and settings\Rion Chong\Application Data\Malwarebytes
    2010-07-12 03:21 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-12 03:21 . 2010-07-12 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-12 03:21 . 2010-07-12 03:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-12 03:21 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-08 05:38 . 2010-07-08 05:38 -------- d-----w- c:\program files\Common Files\xing shared
    2010-07-08 05:23 . 2010-07-08 05:23 734728 ----a-w- c:\documents and settings\Rion Chong\Application Data\Real\RealPlayer\setup\AU_setup15.exe
    2010-07-06 02:43 . 2010-07-06 02:43 -------- d-----w- c:\documents and settings\All Users\Immunet
    2010-07-06 02:43 . 2010-07-06 02:43 -------- d-----w- c:\documents and settings\Rion Chong\Application Data\Immunet
    2010-06-28 08:49 . 2010-06-28 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-06-28 07:42 . 2010-06-28 07:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-06-28 07:42 . 2008-04-06 21:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-06-28 07:42 . 2008-04-06 21:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
    2010-06-25 05:03 . 2010-06-25 05:03 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-23 02:40 . 2010-06-23 02:40 -------- d-----w- c:\documents and settings\Rion Chong\Application Data\Apple Computer
    2010-06-23 01:56 . 2009-05-18 05:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-06-23 01:56 . 2008-04-17 04:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-06-23 01:55 . 2010-06-23 01:55 -------- d-----w- c:\program files\iPod
    2010-06-23 01:55 . 2010-06-23 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-23 01:55 . 2010-06-23 01:56 -------- d-----w- c:\program files\iTunes
    2010-06-23 01:53 . 2010-06-23 01:53 -------- d-----w- c:\documents and settings\Rion Chong\Local Settings\Application Data\Apple
    2010-06-23 01:53 . 2010-06-23 01:53 -------- d-----w- c:\program files\Apple Software Update
    2010-06-23 01:52 . 2010-06-23 01:52 -------- d-----w- c:\program files\Bonjour
    2010-06-23 01:52 . 2010-06-23 01:55 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-23 01:52 . 2010-06-23 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-06-23 01:47 . 2010-06-23 01:47 -------- d-----w- c:\documents and settings\Rion Chong\Local Settings\Application Data\Apple Computer
    2010-06-17 23:50 . 2010-04-20 05:30 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
    2010-06-17 07:38 . 2010-03-05 14:37 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
    2010-06-15 12:01 . 2010-06-15 12:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-12 08:31 . 2010-02-03 08:50 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-07-12 08:31 . 2010-03-09 05:24 256 ----a-w- c:\windows\system32\pool.bin
    2010-07-08 05:38 . 2010-03-21 12:15 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-07-08 05:38 . 2010-03-21 12:15 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-07-08 05:38 . 2010-03-21 12:15 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-07-08 05:38 . 2010-03-21 12:15 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-07-08 05:38 . 2010-03-21 12:15 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-07-08 05:38 . 2010-03-21 12:15 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-07-08 05:38 . 2010-03-10 10:56 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-07-08 05:38 . 2010-03-21 12:15 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-07-08 05:38 . 2010-03-10 10:56 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-07-08 05:38 . 2010-03-10 10:56 -------- d-----w- c:\program files\Common Files\Real
    2010-07-08 05:38 . 2010-03-10 10:56 -------- d-----w- c:\program files\Real
    2010-07-08 03:55 . 2010-03-21 11:45 -------- d-----w- c:\program files\YouTube Downloader Toolbar
    2010-07-06 00:54 . 2010-03-11 08:03 117760 ----a-w- c:\documents and settings\Rion Chong\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-02 01:53 . 2010-03-09 11:07 91408 ----a-w- c:\documents and settings\Rion Chong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-28 07:42 . 2010-02-03 09:10 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-23 01:55 . 2010-02-03 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-06-11 02:34 . 2010-06-11 02:11 -------- d-----w- c:\program files\Google
    2010-06-07 09:07 . 2010-06-07 09:07 -------- d-----w- c:\documents and settings\Rion Chong\Application Data\AnvSoft
    2010-06-07 09:07 . 2010-06-07 09:07 -------- d-----w- c:\program files\AnvSoft
    2010-05-26 12:57 . 2010-03-09 13:57 -------- d-----w- c:\documents and settings\Rion Chong\Application Data\Roxio
    2010-05-18 08:35 . 2010-05-18 08:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 08:35 . 2010-05-18 08:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 08:35 . 2010-05-18 08:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 08:35 . 2010-05-18 08:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-04 17:20 . 2004-08-03 16:56 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2004-08-03 16:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-03 16:56 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-02 05:22 . 2004-08-03 15:17 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2004-08-03 16:56 285696 ----a-w- c:\windows\system32\atmfd.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-08_03.56.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-12 08:29 . 2010-07-12 08:29 16384 c:\windows\Temp\Perflib_Perfdata_314.dat
    + 2010-03-30 16:16 . 2010-03-30 16:16 99176 c:\windows\system32\PresentationHostProxy.dll
    - 2001-08-23 12:00 . 2010-07-01 00:12 67714 c:\windows\system32\perfc009.dat
    + 2001-08-23 12:00 . 2010-07-12 08:34 67714 c:\windows\system32\perfc009.dat
    + 2009-11-06 17:07 . 2009-11-06 17:07 49488 c:\windows\system32\netfxperf.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 11600 c:\windows\system32\mui\0409\mscorees.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
    + 2009-11-06 17:07 . 2009-11-06 17:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2010-07-08 05:38 . 2010-07-08 05:38 20480 c:\windows\Installer\58c58a.msi
    + 2010-07-09 04:05 . 2010-07-09 04:05 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1337669f2b57d77d323e2ff61a6273c6\UIAutomationProvider.ni.dll
    + 2010-07-09 04:10 . 2010-07-09 04:10 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b64786f7dc4abdcbadddcf0b3ba683d8\System.Windows.Presentation.ni.dll
    + 2010-07-09 04:04 . 2010-07-09 04:04 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\75ad1789a371d07b2557fb017f4da130\PresentationFontCache.ni.exe
    + 2010-07-09 04:05 . 2010-07-09 04:05 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\a73eb71d24bc00b0d9eeb8d8c7867d25\PresentationCFFRasterizer.ni.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2007-02-26 08:44 . 2010-07-08 05:38 5632 c:\windows\system32\pndx5032.dll
    - 2007-02-26 08:44 . 2010-03-21 12:15 5632 c:\windows\system32\pndx5032.dll
    + 2007-02-26 08:44 . 2010-07-08 05:38 6656 c:\windows\system32\pndx5016.dll
    - 2007-02-26 08:44 . 2010-03-21 12:15 6656 c:\windows\system32\pndx5016.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2007-02-26 08:44 . 2010-03-21 12:15 185920 c:\windows\system32\rmoc3260.dll
    + 2007-02-26 08:44 . 2010-07-08 05:38 185920 c:\windows\system32\rmoc3260.dll
    + 2010-03-30 16:10 . 2010-03-30 16:10 295264 c:\windows\system32\PresentationHost.exe
    - 2007-02-26 08:44 . 2010-03-21 12:14 278528 c:\windows\system32\pncrt.dll
    + 2007-02-26 08:44 . 2010-07-08 05:37 278528 c:\windows\system32\pncrt.dll
    + 2001-08-23 12:00 . 2010-07-12 08:34 432924 c:\windows\system32\perfh009.dat
    - 2001-08-23 12:00 . 2010-07-01 00:12 432924 c:\windows\system32\perfh009.dat
    + 2009-11-06 17:07 . 2009-11-06 17:07 297808 c:\windows\system32\mscoree.dll
    + 2010-03-30 16:16 . 2010-03-30 16:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\Presen tationHostDLL.dll
    + 2010-07-09 04:07 . 2010-07-09 04:07 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\Win dowsFormsIntegra#\a26c0d1dea14541359ecbb5a828f02b7 \WindowsFormsIntegration.ni.dll
    + 2010-07-09 04:06 . 2010-07-09 04:06 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIA utomationClient\b719e67a81e2520c8bfded9333385df2\U IAutomationClient.ni.dll
    + 2010-07-09 04:06 . 2010-07-09 04:06 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFramewo#\7e4be5ee74f5a810a24434d4eca9cf9e \PresentationFramework.Aero.ni.dll
    + 2010-07-09 04:06 . 2010-07-09 04:06 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFramewo#\5efa89c322974561c088ce8ffb2987cd \PresentationFramework.Luna.ni.dll
    + 2010-07-09 04:06 . 2010-07-09 04:06 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFramewo#\55908c713bdcf809e4fce2d56405bda6 \PresentationFramework.Classic.ni.dll
    + 2010-07-09 04:06 . 2010-07-09 04:06 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFramewo#\19eef9275832bb27221b30a0f6e64880 \PresentationFramework.Royale.ni.dll
    + 2010-07-09 04:09 . 2010-07-09 04:09 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\01a0c8702eb7315f41c68a4479d23c81 \Microsoft.PowerShell.GraphicalHost.ni.dll
    + 2010-07-09 04:09 . 2010-07-09 04:09 363520 c:\windows\assembly\NativeImages_v2.0.50727_32\AdW indowsWrapper\3565cb024f1a451c6f3616ce30732d33\AdW indowsWrapper.ni.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2 .0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2 .0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0 .0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0 .0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess \2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.d ll
    - 2010-06-18 04:05 . 2010-06-18 04:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess \2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.d ll
    - 2010-06-18 04:05 . 2010-06-18 04:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0 .0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0 .0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serial ization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\ System.Runtime.Serialization.Formatters.Soap.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serial ization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\ System.Runtime.Serialization.Formatters.Soap.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoti ng\2.0.0.0__b77a5c561934e089\System.Runtime.Remoti ng.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoti ng\2.0.0.0__b77a5c561934e089\System.Runtime.Remoti ng.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0. 0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0. 0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0 .0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0 .0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0. 0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0. 0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServi ces\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServ ices.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServi ces\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServ ices.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServi ces.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.Dir ectoryServices.Protocols.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServi ces.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.Dir ectoryServices.Protocols.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0 .0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0 .0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2. 0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2. 0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\ 2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\ 2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03 f5f7f11d50a3a\sysglobl.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03 f5f7f11d50a3a\sysglobl.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic \8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.d ll
    - 2010-06-18 04:05 . 2010-06-18 04:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic \8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.d ll
    + 2010-07-09 04:03 . 2010-07-09 04:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic .Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft .VisualBasic.Compatibility.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic .Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft .VisualBasic.Compatibility.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic .Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Micr osoft.VisualBasic.Compatibility.Data.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic .Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Micr osoft.VisualBasic.Compatibility.Data.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0 .0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0 .0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks \2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.d ll
    - 2010-06-18 04:05 . 2010-06-18 04:05 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks \2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.d ll
    - 2010-06-18 04:05 . 2010-06-18 04:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engin e\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine .dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engin e\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine .dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0_ _b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0_ _b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0 .0.0__b77a5c561934e089\System.Transactions.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0 .0.0__b77a5c561934e089\System.Transactions.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServic es\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServ ices.Wrapper.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServic es\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServ ices.Wrapper.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServic es\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServ ices.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServic es\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServ ices.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 486400 c:\windows\assembly\GAC_32\System.Data.OracleClien t\2.0.0.0__b77a5c561934e089\System.Data.OracleClie nt.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 486400 c:\windows\assembly\GAC_32\System.Data.OracleClien t\2.0.0.0__b77a5c561934e089\System.Data.OracleClie nt.dll
    + 2009-11-06 17:06 . 2009-11-06 17:06 1130824 c:\windows\system32\dfshim.dll
    + 2009-11-08 16:25 . 2009-11-08 16:25 1935360 c:\windows\Installer\5260c34.msp
    + 2010-02-04 01:48 . 2010-02-04 01:48 5283840 c:\windows\assembly\temp\U5ENV4CLU3\PresentationFr amework.dll
    + 2010-07-09 04:05 . 2010-07-09 04:05 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\Win dowsBase\f314902b1692d765d441008b16b998ba\WindowsB ase.ni.dll
    + 2010-07-09 04:06 . 2010-07-09 04:06 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIA utomationClients#\0e12f6af4388a51102d00524434b2cee \UIAutomationClientsideProviders.ni.dll
    + 2010-07-09 04:06 . 2010-07-09 04:06 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Printing\7598ecd54b51151fab0f14f084c2fab1\Syst em.Printing.ni.dll
    + 2010-07-09 04:06 . 2010-07-09 04:06 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\Rea chFramework\c3b2895631f3ee0ec7b7eb7e2502020e\Reach Framework.ni.dll
    + 2010-07-09 04:06 . 2010-07-09 04:06 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationUI\8e5c135f87dcdfeb2ba306dba412cb6f\Prese ntationUI.ni.dll
    + 2010-07-09 04:09 . 2010-07-09 04:09 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\99eccd32298cc8de800dcf2b642c2397 \Microsoft.PowerShell.GPowerShell.ni.dll
    + 2010-07-09 04:09 . 2010-07-09 04:09 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\479a4514a75c5aca996cde564c3cdf93 \Microsoft.PowerShell.Editor.ni.dll
    + 2010-07-09 04:09 . 2010-07-09 04:09 1861632 c:\windows\assembly\NativeImages_v2.0.50727_32\AdW indows\d372b241ca0acce21f05e3091cbc1a9d\AdWindows. ni.dll
    + 2010-07-09 04:08 . 2010-07-09 04:08 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\acm gdinternal\7e165293c57fce68ee27de0d3d2a9fc1\acmgdi nternal.ni.dll
    + 2010-07-09 04:08 . 2010-07-09 04:08 2417152 c:\windows\assembly\NativeImages_v2.0.50727_32\acm gd\6c578de753bc2d8218f54f8378d9b97e\acmgd.ni.dll
    + 2010-07-09 04:08 . 2010-07-09 04:08 1418240 c:\windows\assembly\NativeImages_v2.0.50727_32\AcL ayer\a8bf6374c2dfbfd3e6ec95d0fac19be9\AcLayer.ni.d ll
    + 2010-07-09 04:04 . 2010-07-09 04:04 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__ 31bf3856ad364e35\WindowsBase.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5 c561934e089\System.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5 c561934e089\System.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b 77a5c561934e089\System.XML.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b 77a5c561934e089\System.XML.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\ 2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\ 2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0 __b03f5f7f11d50a3a\System.Design.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0 __b03f5f7f11d50a3a\System.Design.dll
    + 2010-07-09 04:04 . 2010-07-09 04:04 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework \3.0.0.0__31bf3856ad364e35\PresentationFramework.d ll
    + 2010-07-09 04:03 . 2010-07-09 04:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03 f5f7f11d50a3a\System.Web.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03 f5f7f11d50a3a\System.Web.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b7 7a5c561934e089\System.Data.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b7 7a5c561934e089\System.Data.dll
    - 2010-02-04 01:27 . 2010-02-04 01:27 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0. 0__31bf3856ad364e35\PresentationCore.dll
    + 2010-07-09 04:04 . 2010-07-09 04:04 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0. 0__31bf3856ad364e35\PresentationCore.dll
    + 2010-07-09 04:03 . 2010-07-09 04:03 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5 c561934e089\mscorlib.dll
    - 2010-06-18 04:05 . 2010-06-18 04:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5 c561934e089\mscorlib.dll
    + 2010-03-30 17:23 . 2010-03-30 17:23 15638528 c:\windows\Installer\5260c42.msp
    + 2010-07-09 04:06 . 2010-07-09 04:06 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFramewo#\ec3330a271a37b2ddbcc77bca8983d69 \PresentationFramework.ni.dll
    + 2010-07-09 04:05 . 2010-07-09 04:05 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationCore\192aa1f99ea3ec1a4f7933bcb04b6a51\Pre sentationCore.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "Google Update"="c:\documents and settings\Rion Chong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-09 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-14 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-14 150040]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" [2010-03-18 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-08 202256]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceStartMenuLogOff"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 06:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
    2008-05-08 07:19 77616 ----a-w- c:\windows\system32\accelerometerST.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-06-01 05:32 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-03-10 14:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-09 11:08 135664 ----atw- c:\documents and settings\Rion Chong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-11-13 05:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-11-14 00:52 150040 -c--a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2001-08-23 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-03 14:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2004-08-03 14:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 08:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-03 14:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-03 14:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-10-30 01:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2009-07-08 04:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    2010-02-19 12:27 974848 ----a-w- c:\program files\YouTube Downloader Toolbar\SearchSettings.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    2008-03-24 05:43 884736 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2008-04-04 15:09 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-03-27 18:28 1040384 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-07-08 05:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [12/02/2009 1:02 PM 24064]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7:56 AM 74480]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19/02/2010 7:43 PM 380928]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [12/06/2008 12:21 PM 1164536]
    R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [30/09/2008 5:41 PM 116664]
    R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [04/03/2010 4:09 PM 1693128]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [12/06/2008 2:40 PM 477696]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [03/02/2010 4:24 PM 193840]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [27/03/2008 11:42 AM 244368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [31/05/2010 10:21 AM 102448]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/07/2008 11:31 AM 44800]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [03/02/2010 4:23 PM 47616]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/06/2010 10:14 AM 136176]
    S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [30/03/2010 10:59 AM 22136]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7:56 AM 7408]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 12:56 AM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 02:11]

    2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 02:11]

    2010-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2314886020-4099752948-3391854418-3670Core.job
    - c:\documents and settings\Rion Chong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-09 11:08]

    2010-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2314886020-4099752948-3391854418-3670UA.job
    - c:\documents and settings\Rion Chong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-09 11:08]

    2010-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2314886020-4099752948-3391854418-3670.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-02 19:02]

    2010-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2314886020-4099752948-3391854418-3670.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-02 19:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.my/
    uInternet Settings,ProxyServer =
    uInternet Settings,ProxyOverride =
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://lafargeapvpn.lafarge.com/CACHE/stc/1/binaries/stcweb.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    FF - ProfilePath - c:\documents and settings\Rion Chong\Application Data\Mozilla\Firefox\Profiles\yb8nz04c.default\
    FF - prefs.js: network.proxy.
    FF - prefs.js: network.proxy.
    FF - prefs.js: network.proxy.
    FF - prefs.js: network.proxy.
    FF - prefs.js: network.proxy.
    FF - prefs.js: network.proxy.
    FF - prefs.js: network.proxy.
    FF - prefs.js: network.proxy.
    FF - prefs.js: network.proxy.
    FF - prefs.js: network.proxy.
    FF - prefs.js: network.proxy.
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\Rion Chong\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-07-13 10:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(996)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'explorer.exe'(5412)
    c:\windows\system32\WININET.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCP80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-07-13 10:10:23
    ComboFix-quarantined-files.txt 2010-07-13 02:10
    ComboFix2.txt 2010-07-08 03:57

    Pre-Run: 6,496,260,096 bytes free
    Post-Run: 6,579,269,632 bytes free

    - - End Of File - - 4C8B77E0AF39B7F00E36F0E410B0B179

  8. #18
    broni is offline Senior Member
    So far, I don't see anything malicious.
    Where actually is that file created?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ===========================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases

    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  9. #19
    rioncks is offline Junior Member
    The file is under my scan folder that I have shared. I will try to unshare and delete the file and see if it comes back or not.

  10. #20
    broni is offline Senior Member
    Go ahead and then run steps from my previous reply.
