Thepowell

21 Posts

May 8th, 2008 16:00

Random ie popups, advertisement - rootkit?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:16, on 08/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk.disabled
O4 - Global Startup: Google Updater.lnk.disabled
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202067261311
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DMK - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Home\LOCALS~1\Temp\DMK.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8105 bytes

Responses(32)
Solutions(0)

bamajim

10.4K Posts

May 9th, 2008 12:00

Thepowell

Not much showing up in your log.

We need to temporarily disable a couple of program so they don't interefere with our fix tools

1. Spyware Doctor

To deactivate Spyware Doctor's OnGuard Tools

1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".

2. SpyBotS&D Tea timer.

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

3. Go HERE and download File Lister.

Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is fnished it will produce a log for you C:\Files.txt

Copy and paste the contents of that log in your reply. Note: You may have to post the results in more than one reply

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

Thepowell

21 Posts

May 9th, 2008 15:00

4/13/2008 12:31:52 PM 11488 C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor

4/13/2008 12:30:41 PM 11488 C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a

4/13/2008 12:31:52 PM 6862 C:\WINDOWS\assembly\GAC\Microsoft_VsaVb

4/13/2008 12:30:41 PM 6862 C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a

4/13/2008 12:31:55 PM 1564871 C:\WINDOWS\assembly\GAC\mscorcfg

4/13/2008 12:30:49 PM 1564871 C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:37:00 PM 33036 C:\WINDOWS\assembly\GAC\Regcode

4/13/2008 1:37:00 PM 33036 C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a

4/14/2008 7:49:21 PM 1233162 C:\WINDOWS\assembly\GAC\System

4/14/2008 7:49:20 PM 1233162 C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089

4/13/2008 12:31:52 PM 78043 C:\WINDOWS\assembly\GAC\System.Configuration.Install

4/13/2008 12:30:49 PM 78043 C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:37:01 PM 1294612 C:\WINDOWS\assembly\GAC\System.Data

4/13/2008 1:37:01 PM 1294612 C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089

4/13/2008 1:36:59 PM 303406 C:\WINDOWS\assembly\GAC\System.Data.OracleClient

4/13/2008 1:36:59 PM 303406 C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089

4/13/2008 1:36:54 PM 1704216 C:\WINDOWS\assembly\GAC\System.Design

4/13/2008 1:36:54 PM 1704216 C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:37:03 PM 90414 C:\WINDOWS\assembly\GAC\System.DirectoryServices

4/13/2008 1:37:03 PM 90414 C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:58 PM 467226 C:\WINDOWS\assembly\GAC\System.Drawing

4/13/2008 1:36:58 PM 467226 C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 12:31:52 PM 65748 C:\WINDOWS\assembly\GAC\System.Drawing.Design

4/13/2008 12:30:49 PM 65748 C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:56 PM 308528 C:\WINDOWS\assembly\GAC\System.EnterpriseServices

4/13/2008 1:36:56 PM 308528 C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:37:00 PM 373024 C:\WINDOWS\assembly\GAC\System.Management

4/13/2008 1:37:00 PM 373024 C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:37:04 PM 241950 C:\WINDOWS\assembly\GAC\System.Messaging

4/13/2008 1:37:04 PM 241950 C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:59 PM 323884 C:\WINDOWS\assembly\GAC\System.Runtime.Remoting

4/13/2008 1:36:59 PM 323884 C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089

4/13/2008 1:36:57 PM 131414 C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap

4/13/2008 1:36:57 PM 131414 C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:58 PM 78108 C:\WINDOWS\assembly\GAC\System.Security

4/13/2008 1:36:58 PM 78108 C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:37:02 PM 127272 C:\WINDOWS\assembly\GAC\System.ServiceProcess

4/13/2008 1:37:02 PM 127272 C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a

4/14/2008 7:49:19 PM 1265938 C:\WINDOWS\assembly\GAC\System.Web

4/14/2008 7:49:19 PM 1265938 C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:53 PM 819488 C:\WINDOWS\assembly\GAC\System.Web.Mobile

4/13/2008 1:36:53 PM 819488 C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:56 PM 57656 C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions

4/13/2008 1:36:56 PM 57656 C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:55 PM 573732 C:\WINDOWS\assembly\GAC\System.Web.Services

4/13/2008 1:36:55 PM 573732 C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:58 PM 2052390 C:\WINDOWS\assembly\GAC\System.Windows.Forms

4/13/2008 1:36:57 PM 2052390 C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089

4/13/2008 1:37:00 PM 1339666 C:\WINDOWS\assembly\GAC\System.Xml

4/13/2008 1:37:00 PM 1339666 C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089

4/13/2008 12:34:20 PM 19857118 C:\WINDOWS\assembly\GAC_32

4/13/2008 1:30:52 PM 69120 C:\WINDOWS\assembly\GAC_32\CustomMarshalers

4/13/2008 1:30:52 PM 69120 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:56 PM 72192 C:\WINDOWS\assembly\GAC_32\ISymWrapper

4/13/2008 1:30:56 PM 72192 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:33:20 PM 151552 C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc

4/13/2008 1:32:54 PM 151552 C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:42 PM 5459166 C:\WINDOWS\assembly\GAC_32\mscorlib

4/13/2008 1:30:42 PM 5459166 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089

4/13/2008 1:33:23 PM 4174336 C:\WINDOWS\assembly\GAC_32\PresentationCore

4/13/2008 1:33:05 PM 4174336 C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35

4/13/2008 1:30:47 PM 3036160 C:\WINDOWS\assembly\GAC_32\System.Data

4/13/2008 1:30:46 PM 3036160 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089

4/13/2008 1:30:57 PM 483840 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient

4/13/2008 1:30:57 PM 483840 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089

4/13/2008 1:30:59 PM 371712 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices

4/13/2008 1:30:59 PM 371712 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:33:23 PM 346624 C:\WINDOWS\assembly\GAC_32\System.Printing

4/13/2008 1:33:04 PM 346624 C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35

4/13/2008 1:30:56 PM 261120 C:\WINDOWS\assembly\GAC_32\System.Transactions

4/13/2008 1:30:56 PM 261120 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089

4/13/2008 1:30:45 PM 5431296 C:\WINDOWS\assembly\GAC_32\System.Web

4/13/2008 1:30:45 PM 5431296 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 12:34:18 PM 48199800 C:\WINDOWS\assembly\GAC_MSIL

4/13/2008 1:30:50 PM 10752 C:\WINDOWS\assembly\GAC_MSIL\Accessibility

4/13/2008 1:30:50 PM 10752 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:46 PM 507904 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt

4/13/2008 1:30:46 PM 507904 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:51 PM 13312 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd

4/13/2008 1:30:51 PM 13312 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:53 PM 8192 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote

4/13/2008 1:30:53 PM 8192 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:54 PM 77824 C:\WINDOWS\assembly\GAC_MSIL\IEHost

4/13/2008 1:30:54 PM 77824 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:54 PM 6656 C:\WINDOWS\assembly\GAC_MSIL\IIEHost

4/13/2008 1:30:54 PM 6656 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:31:00 PM 348160 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine

4/13/2008 1:31:00 PM 348160 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:31:00 PM 36864 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework

4/13/2008 1:31:00 PM 36864 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:31:01 PM 655360 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks

4/13/2008 1:31:01 PM 655360 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:31:01 PM 77824 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities

4/13/2008 1:31:01 PM 77824 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:55 PM 749568 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript

4/13/2008 1:30:55 PM 749568 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:33:21 PM 397312 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge

4/13/2008 1:32:55 PM 397312 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:53 PM 671744 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic

4/13/2008 1:30:53 PM 671744 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:53 PM 372736 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility

4/13/2008 1:30:53 PM 372736 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:54 PM 110592 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data

4/13/2008 1:30:54 PM 110592 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:58 PM 28672 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa

4/13/2008 1:30:57 PM 28672 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:43 PM 5632 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC

4/13/2008 1:30:43 PM 5632 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:52 PM 32768 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa

4/13/2008 1:30:52 PM 32768 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:59 PM 12800 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor

4/13/2008 1:30:58 PM 12800 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:52 PM 7168 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb

4/13/2008 1:30:52 PM 7168 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:33:20 PM 602112 C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks

4/13/2008 1:32:48 PM 602112 C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:22 PM 32768 C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer

4/13/2008 1:33:05 PM 32768 C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:23 PM 5210112 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework

4/13/2008 1:33:00 PM 5210112 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:23 PM 184320 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero

4/13/2008 1:33:02 PM 184320 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:22 PM 131072 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic

4/13/2008 1:33:01 PM 131072 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:23 PM 376832 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna

4/13/2008 1:33:01 PM 376832 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:23 PM 151552 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale

4/13/2008 1:33:01 PM 151552 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35

Thepowell

21 Posts

May 9th, 2008 15:00

4/13/2008 1:48:12 PM 1581056 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\ab2b2664932688ae7c8e0bd9d10448ef

4/13/2008 1:38:55 PM 40960 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#

4/13/2008 1:38:55 PM 40960 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3df824565150953afd560ca20237b881

4/13/2008 1:38:54 PM 12570624 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore

4/13/2008 1:38:54 PM 12570624 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\011f8e31d197b4ccb6a61c2267a38e5c

4/13/2008 1:36:06 PM 48640 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#

4/13/2008 1:36:06 PM 48640 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a

4/13/2008 1:39:40 PM 16502784 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#

4/13/2008 1:43:21 PM 393216 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36c6cfd5d4e80d5c548f823b2bbf5457

4/13/2008 1:43:27 PM 552960 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3f18bff5107c9a8accae6c248fdf3c2e

4/13/2008 1:39:40 PM 15036416 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60421dda88800b14dc101ed9dca422fe

4/13/2008 1:43:29 PM 274432 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\81d2540bc1c18190d0431d9a61bee65b

4/13/2008 1:43:24 PM 245760 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9df61ec7aad39fe0bac82139cd84e5e5

4/13/2008 1:39:45 PM 2035712 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI

4/13/2008 1:39:45 PM 2035712 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\6d2716a55eb8ce6fc4cbf83f3ab329e3

4/13/2008 1:39:51 PM 2416640 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework

4/13/2008 1:39:51 PM 2416640 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\840c64bba900a6ed333ca39e63a9ca3b

4/13/2008 1:47:55 PM 139264 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg

4/13/2008 1:47:55 PM 139264 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8

4/13/2008 1:47:56 PM 299008 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics

4/13/2008 1:47:56 PM 299008 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\169ba2fe1a4d87ede3ab8dd3d44d867e

4/13/2008 1:47:57 PM 323584 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost

4/13/2008 1:47:57 PM 323584 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4

4/13/2008 1:48:21 PM 262144 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl

4/13/2008 1:48:21 PM 262144 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\6a075eb8e0f13de87d1278aa8562d51e

4/13/2008 1:36:05 PM 8265728 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System

4/13/2008 1:36:05 PM 8265728 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a

4/13/2008 1:37:00 PM 163840 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#

4/13/2008 1:37:00 PM 163840 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19

4/13/2008 1:36:19 PM 1011712 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration

4/13/2008 1:36:19 PM 1011712 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b

4/13/2008 1:40:08 PM 7049216 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data

4/13/2008 1:40:08 PM 7049216 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42

4/13/2008 1:42:58 PM 1183744 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#

4/13/2008 1:42:58 PM 1183744 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249

4/13/2008 1:36:53 PM 2756608 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml

4/13/2008 1:36:53 PM 2756608 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302

4/13/2008 1:38:19 PM 1798144 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment

4/13/2008 1:38:19 PM 1798144 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26

4/13/2008 1:42:53 PM 10969088 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design

4/13/2008 1:42:53 PM 10969088 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c

4/13/2008 1:39:56 PM 1736704 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#

4/13/2008 1:39:56 PM 1224704 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881

4/13/2008 1:43:00 PM 512000 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d

4/13/2008 1:37:09 PM 1667072 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing

4/13/2008 1:37:09 PM 1667072 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56

4/13/2008 1:42:54 PM 229376 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#

4/13/2008 1:42:54 PM 229376 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa

4/13/2008 1:40:12 PM 954368 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#

4/13/2008 1:40:12 PM 954368 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56

4/13/2008 1:46:55 PM 241664 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#

4/13/2008 1:46:55 PM 241664 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\492d16599426c7ab35ad2c499a9d4ae6

4/13/2008 1:46:54 PM 1118208 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel

4/13/2008 1:46:54 PM 1118208 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\bdd94a4c46e4424787dfed9381196cb3

4/13/2008 1:46:57 PM 417792 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log

4/13/2008 1:46:57 PM 417792 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e1e6aa5272543f1d9dad98be897b693e

4/13/2008 1:48:49 PM 655360 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging

4/13/2008 1:48:49 PM 655360 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\00e3750e478bac4913ee7a6c3b7cd392

4/13/2008 1:39:54 PM 1134592 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing

4/13/2008 1:39:54 PM 1134592 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\f94fbbe7d7c6e76d02cd9fb94ee8d910

4/13/2008 1:40:14 PM 815104 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#

4/13/2008 1:40:14 PM 815104 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d

4/13/2008 1:37:02 PM 2785280 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#

4/13/2008 1:37:02 PM 339968 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb

4/13/2008 1:47:03 PM 2445312 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e27527e67611d8acc0d8dff6d286af23

4/13/2008 1:36:58 PM 733184 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security

4/13/2008 1:36:58 PM 733184 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91

4/13/2008 1:47:46 PM 18071552 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel

4/13/2008 1:47:46 PM 18071552 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\350903c091629396c08742c996c1caba

4/13/2008 1:36:14 PM 233472 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#

4/13/2008 1:36:14 PM 233472 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9

4/13/2008 1:48:21 PM 2039808 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech

4/13/2008 1:48:21 PM 2039808 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\d4147c99010667b5c547fcfc56ed7bd5

4/13/2008 1:40:09 PM 679936 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions

4/13/2008 1:40:09 PM 679936 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a

4/13/2008 1:40:45 PM 12509184 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web

4/13/2008 1:40:45 PM 12509184 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a

4/13/2008 1:48:26 PM 2342912 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile

4/13/2008 1:48:26 PM 2342912 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570

4/13/2008 1:42:58 PM 237568 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#

4/13/2008 1:42:58 PM 237568 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa

4/13/2008 1:40:52 PM 1986560 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services

4/13/2008 1:40:52 PM 1986560 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3

4/13/2008 1:38:10 PM 13193216 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms

4/13/2008 1:38:10 PM 13193216 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5

4/13/2008 1:48:36 PM 3084288 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#

4/13/2008 1:48:36 PM 3084288 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\9798b3ba448ba7d5f1dd70a8a1fb7562

4/13/2008 1:48:44 PM 4579328 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#

4/13/2008 1:48:44 PM 4579328 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\575dad1c0dc9d035acbab10846802ce0

4/13/2008 1:48:48 PM 2088960 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#

4/13/2008 1:48:48 PM 2088960 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\9d89b57d703aefe4938b45f8b398d378

4/13/2008 1:36:38 PM 5771264 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml

4/13/2008 1:36:38 PM 5771264 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede

4/13/2008 12:34:59 PM 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp

4/13/2008 1:00:59 PM 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15.tmp

4/13/2008 1:40:52 PM 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP295.tmp

4/13/2008 1:48:54 PM 483328 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient

4/13/2008 1:48:54 PM 483328 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2e5aa36c753a605bdefb97ab83e8806

4/13/2008 1:48:56 PM 1118208 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#

4/13/2008 1:48:56 PM 1118208 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\ae395b4b568f0d71fec35e3902a46a99

4/13/2008 1:38:55 PM 50688 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider

4/13/2008 1:38:55 PM 50688 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9e249f5c0ef3e391c5aec1f9da805519

4/13/2008 1:38:55 PM 196608 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes

4/13/2008 1:38:55 PM 196608 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\46e3ec015dd7b25d5ddc185534458122

4/13/2008 1:38:27 PM 3395584 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase

4/13/2008 1:38:27 PM 3395584 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\0703021437c2ec71213a6b701771be86

4/13/2008 1:48:59 PM 270336 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#

4/13/2008 1:48:59 PM 270336 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b7c202147607f93463ead99e743c78b9

4/13/2008 1:47:58 PM 380928 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig

4/13/2008 1:47:58 PM 380928 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872

4/13/2008 12:34:18 PM 0 C:\WINDOWS\assembly\temp

4/13/2008 12:30:40 PM 0 C:\WINDOWS\assembly\tmp

5/6/2008 11:51:50 PM 46127 C:\WINDOWS\l2schemas

4/13/2008 12:30:40 PM 154558024 C:\WINDOWS\Microsoft.NET

4/13/2008 12:30:40 PM 154558024 C:\WINDOWS\Microsoft.NET\Framework

4/13/2008 12:30:52 PM 103536 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705

4/13/2008 12:30:40 PM 54937363 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

4/13/2008 12:30:41 PM 403027 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033

4/13/2008 12:30:44 PM 23068 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles

4/13/2008 12:30:45 PM 514276 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG

4/13/2008 12:30:53 PM 22528 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MUI

4/13/2008 12:30:53 PM 22528 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MUI\0409

4/14/2008 7:48:15 PM 8609792 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444

4/13/2008 12:31:26 PM 0 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files

4/13/2008 12:31:26 PM 0 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs

4/13/2008 1:35:53 PM 9662976 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates

4/14/2008 7:48:57 PM 9609728 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366

4/13/2008 12:33:43 PM 66299821 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

4/13/2008 12:33:44 PM 599032 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033

4/13/2008 12:33:44 PM 622187 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles

4/13/2008 12:33:44 PM 100771 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\AppConfig

4/13/2008 12:33:44 PM 19556 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\App_LocalResources

4/13/2008 12:33:44 PM 60139 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_Code

4/13/2008 12:33:47 PM 317 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_Data

4/13/2008 12:33:44 PM 5125 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_GlobalResources

4/13/2008 12:33:46 PM 76706 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_LocalResources

4/13/2008 12:33:44 PM 48968 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images

4/13/2008 12:33:45 PM 40161 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers

4/13/2008 12:33:45 PM 6302 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers\App_LocalResources

4/13/2008 12:33:44 PM 198623 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security

4/13/2008 12:33:52 PM 6815 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\App_LocalResources

4/13/2008 12:33:46 PM 37560 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions

4/13/2008 12:33:46 PM 4957 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions\App_LocalResources

4/13/2008 12:33:48 PM 20898 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles

4/13/2008 12:33:48 PM 4166 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources

4/13/2008 12:33:44 PM 50824 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users

4/13/2008 12:33:44 PM 10352 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users\App_LocalResources

4/13/2008 12:33:46 PM 68421 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard

4/13/2008 12:33:46 PM 15454 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources

4/13/2008 12:33:45 PM 876475 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG

4/13/2008 12:33:45 PM 526862 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\Browsers

4/13/2008 12:33:49 PM 123922 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild

4/13/2008 1:30:23 PM 31744 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI

4/13/2008 1:30:23 PM 31744 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409

4/13/2008 1:30:24 PM 11143 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RedistList

4/13/2008 12:34:44 PM 0 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files

4/13/2008 12:38:27 PM 32927078 C:\WINDOWS\Microsoft.NET\Framework\v3.0

4/13/2008 12:44:08 PM 575848 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 x86

4/13/2008 12:44:08 PM 575848 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 x86\Logs

4/13/2008 12:38:27 PM 10687246 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation

4/13/2008 1:32:49 PM 27136 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\MUI

4/13/2008 1:32:49 PM 27136 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\MUI\0409

4/13/2008 12:43:19 PM 644654 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation

4/13/2008 12:43:19 PM 460554 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL

4/13/2008 12:43:19 PM 460554 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\EN

4/13/2008 12:39:07 PM 21019330 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF

4/13/2008 1:32:46 PM 49152 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\en-us

4/13/2008 12:39:12 PM 55278 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer

Thepowell

21 Posts

May 9th, 2008 15:00

5/6/2008 11:59:31 PM 5897810 C:\WINDOWS\Prefetch

5/6/2008 11:21:33 PM 19569 32 C:\WINDOWS\005601_.tmp

4/13/2008 12:32:57 PM 7786 32 C:\WINDOWS\basecsp.log

4/13/2008 12:45:56 PM 2896 32 C:\WINDOWS\COM+.log

4/13/2008 12:32:40 PM 9532 32 C:\WINDOWS\KB896344.log

4/13/2008 12:28:27 PM 19427 32 C:\WINDOWS\KB920342.log

4/13/2008 1:23:58 PM 11233 32 C:\WINDOWS\KB925720.log

4/11/2008 4:30:53 PM 18459 32 C:\WINDOWS\KB941693.log

4/11/2008 4:30:26 PM 12447 32 C:\WINDOWS\KB945553.log

4/11/2008 8:35:22 PM 19352 32 C:\WINDOWS\KB947864-IE7.log

4/11/2008 4:30:35 PM 12456 32 C:\WINDOWS\KB948590.log

4/11/2008 8:37:31 PM 13806 32 C:\WINDOWS\KB948881.log

4/13/2008 1:27:55 PM 133602 32 C:\WINDOWS\msxml6-KB933579-enu-x86.LOG

5/7/2008 12:00:17 AM 187 32 C:\WINDOWS\spupdsvc.log.1.log

4/13/2008 12:37:09 PM 13148 32 C:\WINDOWS\WIC.log

4/13/2008 12:37:18 PM 18462 32 C:\WINDOWS\XpsEPSC.log

5/6/2008 11:51:49 PM 76288 C:\WINDOWS\system32\en

5/6/2008 11:51:51 PM 83456 C:\WINDOWS\system32\scripting

4/13/2008 12:30:38 PM 3395584 C:\WINDOWS\system32\URTTemp

4/13/2008 12:39:12 PM 386780 C:\WINDOWS\system32\XPSViewer

4/13/2008 1:32:58 PM 3584 C:\WINDOWS\system32\XPSViewer\en-us

5/6/2008 11:21:10 PM 136192 0 C:\WINDOWS\system32\aaclient.dll

5/6/2008 11:21:19 PM 233472 0 C:\WINDOWS\system32\azroles.dll

5/6/2008 11:21:20 PM 7168 0 C:\WINDOWS\system32\bitsprx4.dll

5/6/2008 11:21:23 PM 12800 0 C:\WINDOWS\system32\credssp.dll

5/6/2008 11:21:25 PM 48640 0 C:\WINDOWS\system32\dhcpqec.dll

5/6/2008 11:21:26 PM 19456 0 C:\WINDOWS\system32\dimsntfy.dll

5/6/2008 11:21:26 PM 39936 0 C:\WINDOWS\system32\dimsroam.dll

5/6/2008 11:21:27 PM 26112 0 C:\WINDOWS\system32\dot3api.dll

5/6/2008 11:21:27 PM 57856 0 C:\WINDOWS\system32\dot3cfg.dll

5/6/2008 11:21:28 PM 9216 0 C:\WINDOWS\system32\dot3dlg.dll

5/6/2008 11:21:28 PM 39936 0 C:\WINDOWS\system32\dot3gpclnt.dll

5/6/2008 11:21:28 PM 56320 0 C:\WINDOWS\system32\dot3msm.dll

5/6/2008 11:21:28 PM 132096 0 C:\WINDOWS\system32\dot3svc.dll

5/6/2008 11:21:28 PM 650752 0 C:\WINDOWS\system32\dot3ui.dll

5/6/2008 11:21:30 PM 30720 0 C:\WINDOWS\system32\eapolqec.dll

5/6/2008 11:21:30 PM 184832 0 C:\WINDOWS\system32\eapp3hst.dll

5/6/2008 11:21:30 PM 126976 0 C:\WINDOWS\system32\eappcfg.dll

5/6/2008 11:21:30 PM 94208 0 C:\WINDOWS\system32\eappgnui.dll

5/6/2008 11:21:30 PM 180224 0 C:\WINDOWS\system32\eapphost.dll

5/6/2008 11:21:30 PM 40960 0 C:\WINDOWS\system32\eappprxy.dll

5/6/2008 11:21:30 PM 59392 0 C:\WINDOWS\system32\eapqec.dll

5/6/2008 11:21:30 PM 33792 0 C:\WINDOWS\system32\eapsvc.dll

5/9/2008 5:01:34 PM 100 32 C:\WINDOWS\system32\ikhcore.cfg

5/6/2008 11:22:02 PM 6144 0 C:\WINDOWS\system32\kbdbhc.dll

5/6/2008 11:22:02 PM 6144 0 C:\WINDOWS\system32\kbdiultn.dll

5/6/2008 11:22:02 PM 6144 0 C:\WINDOWS\system32\kbdnepr.dll

5/6/2008 11:22:02 PM 6144 0 C:\WINDOWS\system32\kbdpash.dll

5/6/2008 11:22:03 PM 61440 0 C:\WINDOWS\system32\kmsvc.dll

5/6/2008 11:22:05 PM 37376 0 C:\WINDOWS\system32\l2gpstore.dll

5/6/2008 11:22:35 PM 184320 0 C:\WINDOWS\system32\microsoft.managementconsole.dll

5/6/2008 11:22:35 PM 397312 0 C:\WINDOWS\system32\mmcex.dll

5/6/2008 11:22:35 PM 106496 0 C:\WINDOWS\system32\mmcfxcommon.dll

5/6/2008 11:22:37 PM 33792 0 C:\WINDOWS\system32\mmcperf.exe

5/4/2008 12:47:19 PM 111 33 C:\WINDOWS\system32\Mscomm.srg

5/4/2008 12:47:19 PM 2496 33 C:\WINDOWS\system32\Mscomm32.dep

5/4/2008 12:47:19 PM 103744 33 C:\WINDOWS\system32\Mscomm32.ocx

5/6/2008 11:23:14 PM 155136 0 C:\WINDOWS\system32\mssha.dll

5/6/2008 11:23:15 PM 76800 0 C:\WINDOWS\system32\msshavmsg.dll

5/6/2008 11:23:23 PM 79872 32 C:\WINDOWS\system32\msxml6r.dll

5/6/2008 11:23:27 PM 30208 0 C:\WINDOWS\system32\napipsec.dll

5/6/2008 11:23:27 PM 193024 0 C:\WINDOWS\system32\napmontr.dll

5/6/2008 11:23:28 PM 176640 0 C:\WINDOWS\system32\napstat.exe

5/6/2008 11:23:47 PM 144384 0 C:\WINDOWS\system32\onex.dll

5/6/2008 11:21:50 PM 1261 0 C:\WINDOWS\system32\pid.inf

5/6/2008 11:24:11 PM 150528 0 C:\WINDOWS\system32\qagent.dll

5/6/2008 11:24:11 PM 291328 0 C:\WINDOWS\system32\qagentrt.dll

5/6/2008 11:24:11 PM 62464 0 C:\WINDOWS\system32\qcliprov.dll

5/6/2008 11:24:14 PM 76800 0 C:\WINDOWS\system32\qutil.dll

5/6/2008 11:24:17 PM 61952 0 C:\WINDOWS\system32\rasqec.dll

5/6/2008 11:24:23 PM 290304 0 C:\WINDOWS\system32\rhttpaa.dll

5/6/2008 11:24:42 PM 32768 0 C:\WINDOWS\system32\setupn.exe

4/13/2008 12:37:20 PM 14048 0 C:\WINDOWS\system32\spmsg2.dll

5/6/2008 11:25:07 PM 53248 0 C:\WINDOWS\system32\tsgqec.dll

5/6/2008 11:25:08 PM 50688 0 C:\WINDOWS\system32\tspkg.dll

5/6/2008 11:25:36 PM 69120 0 C:\WINDOWS\system32\wlanapi.dll

=== Files under "\Administrator\Startup" Last 30 Days======

5/6/2008 11:21:10 PM 136192 0 C:\WINDOWS\system32\aaclient.dll

5/6/2008 11:21:19 PM 233472 0 C:\WINDOWS\system32\azroles.dll

5/6/2008 11:21:20 PM 7168 0 C:\WINDOWS\system32\bitsprx4.dll

5/6/2008 11:21:23 PM 12800 0 C:\WINDOWS\system32\credssp.dll

5/6/2008 11:21:25 PM 48640 0 C:\WINDOWS\system32\dhcpqec.dll

5/6/2008 11:21:26 PM 19456 0 C:\WINDOWS\system32\dimsntfy.dll

5/6/2008 11:21:26 PM 39936 0 C:\WINDOWS\system32\dimsroam.dll

5/6/2008 11:21:27 PM 26112 0 C:\WINDOWS\system32\dot3api.dll

5/6/2008 11:21:27 PM 57856 0 C:\WINDOWS\system32\dot3cfg.dll

5/6/2008 11:21:28 PM 9216 0 C:\WINDOWS\system32\dot3dlg.dll

5/6/2008 11:21:28 PM 39936 0 C:\WINDOWS\system32\dot3gpclnt.dll

5/6/2008 11:21:28 PM 56320 0 C:\WINDOWS\system32\dot3msm.dll

5/6/2008 11:21:28 PM 132096 0 C:\WINDOWS\system32\dot3svc.dll

5/6/2008 11:21:28 PM 650752 0 C:\WINDOWS\system32\dot3ui.dll

5/6/2008 11:21:30 PM 30720 0 C:\WINDOWS\system32\eapolqec.dll

5/6/2008 11:21:30 PM 184832 0 C:\WINDOWS\system32\eapp3hst.dll

5/6/2008 11:21:30 PM 126976 0 C:\WINDOWS\system32\eappcfg.dll

5/6/2008 11:21:30 PM 94208 0 C:\WINDOWS\system32\eappgnui.dll

5/6/2008 11:21:30 PM 180224 0 C:\WINDOWS\system32\eapphost.dll

5/6/2008 11:21:30 PM 40960 0 C:\WINDOWS\system32\eappprxy.dll

5/6/2008 11:21:30 PM 59392 0 C:\WINDOWS\system32\eapqec.dll

5/6/2008 11:21:30 PM 33792 0 C:\WINDOWS\system32\eapsvc.dll

5/9/2008 5:01:34 PM 100 32 C:\WINDOWS\system32\ikhcore.cfg

5/6/2008 11:22:02 PM 6144 0 C:\WINDOWS\system32\kbdbhc.dll

5/6/2008 11:22:02 PM 6144 0 C:\WINDOWS\system32\kbdiultn.dll

5/6/2008 11:22:02 PM 6144 0 C:\WINDOWS\system32\kbdnepr.dll

5/6/2008 11:22:02 PM 6144 0 C:\WINDOWS\system32\kbdpash.dll

5/6/2008 11:22:03 PM 61440 0 C:\WINDOWS\system32\kmsvc.dll

5/6/2008 11:22:05 PM 37376 0 C:\WINDOWS\system32\l2gpstore.dll

5/6/2008 11:22:35 PM 184320 0 C:\WINDOWS\system32\microsoft.managementconsole.dll

5/6/2008 11:22:35 PM 397312 0 C:\WINDOWS\system32\mmcex.dll

5/6/2008 11:22:35 PM 106496 0 C:\WINDOWS\system32\mmcfxcommon.dll

5/6/2008 11:22:37 PM 33792 0 C:\WINDOWS\system32\mmcperf.exe

5/4/2008 12:47:19 PM 111 33 C:\WINDOWS\system32\Mscomm.srg

5/4/2008 12:47:19 PM 2496 33 C:\WINDOWS\system32\Mscomm32.dep

5/4/2008 12:47:19 PM 103744 33 C:\WINDOWS\system32 Mscomm32.ocx

5/6/2008 11:23:14 PM 155136 0 C:\WINDOWS\system32\mssha.dll

5/6/2008 11:23:15 PM 76800 0 C:\WINDOWS\system32\msshavmsg.dll

5/6/2008 11:23:23 PM 79872 32 C:\WINDOWS\system32\msxml6r.dll

5/6/2008 11:23:27 PM 30208 0 C:\WINDOWS\system32\napipsec.dll

5/6/2008 11:23:27 PM 193024 0 C:\WINDOWS\system32\napmontr.dll

5/6/2008 11:23:28 PM 176640 0 C:\WINDOWS\system32\napstat.exe

5/6/2008 11:23:47 PM 144384 0 C:\WINDOWS\system32\onex.dll

5/6/2008 11:21:50 PM 1261 0 C:\WINDOWS\system32\pid.inf

5/6/2008 11:24:11 PM 150528 0 C:\WINDOWS\system32\qagent.dll

5/6/2008 11:24:11 PM 291328 0 C:\WINDOWS\system32\qagentrt.dll

5/6/2008 11:24:11 PM 62464 0 C:\WINDOWS\system32\qcliprov.dll

5/6/2008 11:24:14 PM 76800 0 C:\WINDOWS\system32\qutil.dll

5/6/2008 11:24:17 PM 61952 0 C:\WINDOWS\system32\rasqec.dll

5/6/2008 11:24:23 PM 290304 0 C:\WINDOWS\system32\rhttpaa.dll

5/6/2008 11:24:42 PM 32768 0 C:\WINDOWS\system32\setupn.exe

4/13/2008 12:37:20 PM 14048 0 C:\WINDOWS\system32\spmsg2.dll

5/6/2008 11:25:07 PM 53248 0 C:\WINDOWS\system32\tsgqec.dll

5/6/2008 11:25:08 PM 50688 0 C:\WINDOWS\system32\tspkg.dll

5/6/2008 11:25:36 PM 69120 0 C:\WINDOWS\system32\wlanapi.dll

=== Files under "All Users\Startup" Last 30 Days======

=== Folders under "\Program Files" Last 30 Days======

5/8/2008 12:25:07 AM 2402516 C:\Program Files\GRISOFT

5/8/2008 12:25:07 AM 2402516 C:\Program Files\GRISOFT\AVG Anti-Rootkit Free

4/13/2008 1:34:51 PM 7730273 C:\Program Files\Microsoft Silverlight

4/13/2008 1:34:52 PM 218546 C:\Program Files\Microsoft Silverlight\1025

4/13/2008 1:34:52 PM 153186 C:\Program Files\Microsoft Silverlight\1026

4/13/2008 1:34:52 PM 134783 C:\Program Files\Microsoft Silverlight\1028

4/13/2008 1:34:52 PM 118722 C:\Program Files\Microsoft Silverlight\1029

4/13/2008 1:34:52 PM 112442 C:\Program Files\Microsoft Silverlight\1030

4/13/2008 1:34:52 PM 116199 C:\Program Files\Microsoft Silverlight\1031

4/13/2008 1:34:52 PM 146316 C:\Program Files\Microsoft Silverlight\1032

4/13/2008 1:34:52 PM 101284 C:\Program Files\Microsoft Silverlight\1033

4/13/2008 1:34:52 PM 114452 C:\Program Files\Microsoft Silverlight\1035

4/13/2008 1:34:52 PM 115596 C:\Program Files\Microsoft Silverlight\1036

4/13/2008 1:34:52 PM 178351 C:\Program Files\Microsoft Silverlight\1037

4/13/2008 1:34:52 PM 116859 C:\Program Files\Microsoft Silverlight\1038

4/13/2008 1:34:52 PM 116134 C:\Program Files\Microsoft Silverlight\1040

4/13/2008 1:34:52 PM 135678 C:\Program Files\Microsoft Silverlight\1041

4/13/2008 1:34:52 PM 231550 C:\Program Files\Microsoft Silverlight\1042

4/13/2008 1:34:52 PM 114618 C:\Program Files\Microsoft Silverlight\1043

4/13/2008 1:34:52 PM 112527 C:\Program Files\Microsoft Silverlight\1044

4/13/2008 1:34:52 PM 120602 C:\Program Files\Microsoft Silverlight\1045

4/13/2008 1:34:53 PM 115362 C:\Program Files\Microsoft Silverlight\1046

4/13/2008 1:34:53 PM 120088 C:\Program Files\Microsoft Silverlight\1048

4/13/2008 1:34:53 PM 171007 C:\Program Files\Microsoft Silverlight\1049

4/13/2008 1:34:53 PM 117186 C:\Program Files\Microsoft Silverlight\1050

4/13/2008 1:34:53 PM 118212 C:\Program Files\Microsoft Silverlight\1051

4/13/2008 1:34:53 PM 112301 C:\Program Files\Microsoft Silverlight\1053

4/13/2008 1:34:53 PM 177126 C:\Program Files\Microsoft Silverlight\1054

4/13/2008 1:34:53 PM 118258 C:\Program Files\Microsoft Silverlight\1055

4/13/2008 1:34:53 PM 166668 C:\Program Files\Microsoft Silverlight\1058

4/13/2008 1:34:53 PM 143611 C:\Program Files\Microsoft Silverlight\1060

4/13/2008 1:34:53 PM 114182 C:\Program Files\Microsoft Silverlight\1061

4/13/2008 1:34:53 PM 120089 C:\Program Files\Microsoft Silverlight\1062

4/13/2008 1:34:53 PM 115921 C:\Program Files\Microsoft Silverlight\2052

4/13/2008 1:34:53 PM 102672 C:\Program Files\Microsoft Silverlight\2070

4/13/2008 1:34:53 PM 115631 C:\Program Files\Microsoft Silverlight\2074

4/13/2008 1:34:53 PM 118034 C:\Program Files\Microsoft Silverlight\3082

4/13/2008 12:37:05 PM 6849 C:\Program Files\MSXML 6.0

4/13/2008 12:37:05 PM 6849 C:\Program Files\MSXML 6.0\EULA

4/23/2008 4:19:23 PM 7755233 C:\Program Files\Orbitdownloader

4/23/2008 4:19:25 PM 99110 C:\Program Files\Orbitdownloader\addons

4/23/2008 4:19:25 PM 29478 C:\Program Files\Orbitdownloader\addons\orbitff

4/23/2008 4:19:25 PM 27113 C:\Program Files\Orbitdownloader\addons\orbitff\chrome

4/23/2008 4:19:25 PM 877235 C:\Program Files\Orbitdownloader\language

4/23/2008 4:19:23 PM 0 C:\Program Files\Orbitdownloader\update

4/13/2008 12:38:27 PM 25299132 C:\Program Files\Reference Assemblies

4/13/2008 12:38:27 PM 25299132 C:\Program Files\Reference Assemblies\Microsoft

4/13/2008 12:38:27 PM 25299132 C:\Program Files\Reference Assemblies\Microsoft\Framework

4/13/2008 12:38:27 PM 25299132 C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0

4/13/2008 1:32:46 PM 5682 C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList

5/1/2008 8:09:48 PM 0 C:\Program Files\Sophos

5/1/2008 8:09:48 PM 0 C:\Program Files\Sophos\Sophos Anti-Rootkit

5/8/2008 6:36:03 PM 501458 C:\Program Files\SysShield Tools

5/8/2008 6:36:03 PM 501458 C:\Program Files\SysShield Tools\File Shredder

5/8/2008 6:15:20 PM 404394 C:\Program Files\Trend Micro

5/8/2008 6:15:20 PM 404394 C:\Program Files\Trend Micro\HijackThis

=== Files under "\System32\Drivers" Last 30 Days======

5/8/2008 12:25:08 AM 3968 32 C:\WINDOWS\system32\drivers\AvgArCln.sys

5/6/2008 11:21:41 PM 144384 0 C:\WINDOWS\system32\drivers\hdaudbus.sys

5/6/2008 11:24:43 PM 10240 0 C:\WINDOWS\system32\drivers\sffp_mmc.sys

=== Files under "\User\Local Settings\Temp" Last 30 Days======

Thepowell

21 Posts

May 9th, 2008 15:00

Cheers. By random I should have said normally popups relating to whatever is being done on the machine, that even included register program adverts as I went into the resident section on spybot :smileyindifferent:

+++++++++++++++++++++++++++++++++

+

+ File Lister

+

+ Version 1.0.1

+

+ By bamajim

+

+++++++++++++++++++++++++++++++++

=== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

"mcagent_exe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

@=""

=== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]

@=""

=== Folders and Files from "C:\" and "C:\Windows" Created Last 30 Days ======

5/7/2008 12:21:43 AM 0 C:\Config.Msi

4/23/2008 4:19:55 PM 0 C:\Downloads

5/9/2008 5:16:58 PM 1145 32 C:\Files.txt

4/13/2008 12:32:58 PM 741062 C:\WINDOWS\$NtUninstallbasecsp$

4/13/2008 12:32:58 PM 593606 C:\WINDOWS\$NtUninstallbasecsp$\spuninst

4/13/2008 12:32:47 PM 2736244 C:\WINDOWS\$NtUninstallKB896344$

4/13/2008 12:32:47 PM 596795 C:\WINDOWS\$NtUninstallKB896344$\spuninst

4/13/2008 12:36:54 PM 1775533 C:\WINDOWS\$NtUninstallKB920342$

4/13/2008 12:36:54 PM 597421 C:\WINDOWS\$NtUninstallKB920342$\spuninst

4/13/2008 1:27:20 PM 1024633 C:\WINDOWS\$NtUninstallKB925720$

4/13/2008 1:27:20 PM 596601 C:\WINDOWS\$NtUninstallKB925720$\spuninst

4/11/2008 8:35:57 PM 2437878 C:\WINDOWS\$NtUninstallKB941693$

4/11/2008 8:35:57 PM 594294 C:\WINDOWS\$NtUninstallKB941693$\spuninst

4/11/2008 8:33:54 PM 788867 C:\WINDOWS\$NtUninstallKB945553$

4/11/2008 8:33:54 PM 594819 C:\WINDOWS\$NtUninstallKB945553$\spuninst

4/11/2008 8:35:17 PM 876275 C:\WINDOWS\$NtUninstallKB948590$

4/11/2008 8:35:17 PM 594163 C:\WINDOWS\$NtUninstallKB948590$\spuninst

4/11/2008 8:37:32 PM 851401 C:\WINDOWS\$NtUninstallKB948881$

4/11/2008 8:37:32 PM 593353 C:\WINDOWS\$NtUninstallKB948881$\spuninst

4/13/2008 12:37:10 PM 642045 C:\WINDOWS\$NtUninstallWIC$

4/13/2008 12:37:10 PM 642045 C:\WINDOWS\$NtUninstallWIC$\spuninst

4/13/2008 12:30:40 PM 304017288 C:\WINDOWS\assembly

4/13/2008 12:31:52 PM 15761829 C:\WINDOWS\assembly\GAC

4/13/2008 12:31:52 PM 7884 C:\WINDOWS\assembly\GAC\Accessibility

4/13/2008 12:30:48 PM 7884 C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 12:31:52 PM 12488 C:\WINDOWS\assembly\GAC\cscompmgd

4/13/2008 12:30:41 PM 12488 C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a

4/13/2008 12:31:52 PM 33999 C:\WINDOWS\assembly\GAC\CustomMarshalers

4/13/2008 12:30:49 PM 33999 C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:54 PM 8470 C:\WINDOWS\assembly\GAC\IEExecRemote

4/13/2008 1:36:54 PM 8470 C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:55 PM 33034 C:\WINDOWS\assembly\GAC\IEHost

4/13/2008 1:36:55 PM 33034 C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 12:31:55 PM 4806 C:\WINDOWS\assembly\GAC\IIEHost

4/13/2008 12:30:49 PM 4806 C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 12:31:55 PM 26314 C:\WINDOWS\assembly\GAC\ISymWrapper

4/13/2008 12:30:49 PM 26314 C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:37:03 PM 721184 C:\WINDOWS\assembly\GAC\Microsoft.JScript

4/13/2008 1:37:03 PM 721184 C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a

4/13/2008 1:36:56 PM 299304 C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic

4/13/2008 1:36:56 PM 299304 C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a

4/13/2008 12:31:52 PM 28888 C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa

4/13/2008 12:30:41 PM 28888 C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a

4/13/2008 12:31:52 PM 6352 C:\WINDOWS\assembly\GAC\Microsoft.VisualC

4/13/2008 12:30:42 PM 6352 C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a

4/13/2008 12:31:52 PM 32972 C:\WINDOWS\assembly\GAC\Microsoft.Vsa

4/13/2008 12:30:40 PM 32972 C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a

Thepowell

21 Posts

May 9th, 2008 15:00

4/13/2008 1:33:21 PM 897024 C:\WINDOWS\assembly\GAC_MSIL\PresentationUI

4/13/2008 1:32:59 PM 897024 C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:23 PM 528384 C:\WINDOWS\assembly\GAC_MSIL\ReachFramework

4/13/2008 1:33:05 PM 528384 C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:21 PM 102400 C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics

4/13/2008 1:32:56 PM 102400 C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089

4/13/2008 1:30:55 PM 110592 C:\WINDOWS\assembly\GAC_MSIL\sysglobl

4/13/2008 1:30:55 PM 110592 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:48 PM 3076096 C:\WINDOWS\assembly\GAC_MSIL\System

4/13/2008 1:30:48 PM 3076096 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089

4/13/2008 1:30:46 PM 425984 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration

4/13/2008 1:30:46 PM 425984 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:55 PM 81920 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install

4/13/2008 1:30:55 PM 81920 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:47 PM 741376 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml

4/13/2008 1:30:47 PM 741376 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089

4/13/2008 1:30:47 PM 933888 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment

4/13/2008 1:30:47 PM 933888 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:31:02 PM 5070848 C:\WINDOWS\assembly\GAC_MSIL\System.Design

4/13/2008 1:31:01 PM 5070848 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:50 PM 401408 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices

4/13/2008 1:30:50 PM 401408 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:31:00 PM 188416 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols

4/13/2008 1:31:00 PM 188416 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:44 PM 630784 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing

4/13/2008 1:30:44 PM 630784 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:58 PM 81920 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design

4/13/2008 1:30:58 PM 81920 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:33:23 PM 430080 C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel

4/13/2008 1:33:07 PM 430080 C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089

4/13/2008 1:33:23 PM 126976 C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors

4/13/2008 1:33:08 PM 126976 C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089

4/13/2008 1:33:21 PM 131072 C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log

4/13/2008 1:32:54 PM 131072 C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:59 PM 372736 C:\WINDOWS\assembly\GAC_MSIL\System.Management

4/13/2008 1:30:59 PM 372736 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:58 PM 258048 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging

4/13/2008 1:30:58 PM 258048 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:57 PM 299008 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting

4/13/2008 1:30:57 PM 299008 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089

4/13/2008 1:33:21 PM 929792 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization

4/13/2008 1:32:53 PM 929792 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089

4/13/2008 1:30:57 PM 131072 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap

4/13/2008 1:30:57 PM 131072 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:44 PM 258048 C:\WINDOWS\assembly\GAC_MSIL\System.Security

4/13/2008 1:30:44 PM 258048 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:33:21 PM 5971968 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel

4/13/2008 1:32:49 PM 5971968 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089

4/13/2008 1:33:21 PM 159744 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install

4/13/2008 1:32:48 PM 159744 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089

4/13/2008 1:33:21 PM 32768 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting

4/13/2008 1:32:48 PM 32768 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089

4/13/2008 1:30:44 PM 114688 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess

4/13/2008 1:30:44 PM 114688 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:33:20 PM 688128 C:\WINDOWS\assembly\GAC_MSIL\System.Speech

4/13/2008 1:32:47 PM 688128 C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35

4/13/2008 1:30:49 PM 884736 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile

4/13/2008 1:30:49 PM 884736 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:50 PM 90112 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions

4/13/2008 1:30:49 PM 90112 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:49 PM 839680 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services

4/13/2008 1:30:49 PM 839680 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a

4/13/2008 1:30:51 PM 5013504 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms

4/13/2008 1:30:51 PM 5013504 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089

4/13/2008 1:33:22 PM 1152040 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities

4/13/2008 1:33:07 PM 1152040 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:22 PM 1635376 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel

4/13/2008 1:33:06 PM 1635376 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:22 PM 578592 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime

4/13/2008 1:33:06 PM 578592 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35

4/13/2008 1:30:45 PM 2068480 C:\WINDOWS\assembly\GAC_MSIL\System.Xml

4/13/2008 1:30:45 PM 2068480 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089

4/13/2008 1:33:20 PM 163840 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient

4/13/2008 1:32:47 PM 163840 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:20 PM 372736 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders

4/13/2008 1:32:46 PM 372736 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:23 PM 32768 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider

4/13/2008 1:33:04 PM 32768 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:21 PM 86016 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes

4/13/2008 1:33:04 PM 86016 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:23 PM 1204224 C:\WINDOWS\assembly\GAC_MSIL\WindowsBase

4/13/2008 1:33:03 PM 1204224 C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35

4/13/2008 1:33:20 PM 81920 C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration

4/13/2008 1:32:46 PM 81920 C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35

4/13/2008 12:32:02 PM 45970858 C:\WINDOWS\assembly\NativeImages1_v1.1.4322

4/13/2008 12:32:02 PM 180405 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers

4/14/2008 11:28:01 PM 118875 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_67396090

4/14/2008 11:26:13 PM 61530 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_82193308

4/13/2008 12:32:05 PM 12300471 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib

4/14/2008 11:28:32 PM 8908892 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1f5e69f7

4/14/2008 11:27:32 PM 3391579 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fd91f7c1

4/13/2008 12:32:18 PM 6754485 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System

4/14/2008 7:49:36 PM 1966170 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_78d4611b

4/14/2008 11:27:59 PM 4788315 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fd9bbfd3

4/13/2008 12:32:14 PM 4866229 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design

4/14/2008 11:28:24 PM 3395675 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_09fda27d

4/14/2008 11:27:18 PM 1470554 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_d3829ea2

4/13/2008 12:32:21 PM 3080373 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing

4/14/2008 11:28:27 PM 2244699 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_73c3a836

4/14/2008 11:27:26 PM 835674 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7c244fcc

4/13/2008 12:32:19 PM 282805 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design

4/14/2008 11:26:20 PM 90202 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3d716044

4/14/2008 11:28:04 PM 192603 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3ebf3c94

4/13/2008 12:32:26 PM 10903733 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms

4/14/2008 11:26:34 PM 3018842 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_352c7a3a

4/14/2008 11:28:12 PM 7884891 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_d8f7cfc5

4/13/2008 12:32:31 PM 7602357 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml

4/14/2008 11:28:17 PM 5513307 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_569bf2b3

4/14/2008 11:26:57 PM 2089050 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_cd7f1d04

4/13/2008 12:34:59 PM 174227456 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32

4/13/2008 1:38:15 PM 27136 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility

4/13/2008 1:38:15 PM 27136 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622

4/13/2008 1:46:50 PM 884736 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt

4/13/2008 1:46:50 PM 884736 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b

4/13/2008 1:47:49 PM 503808 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig

4/13/2008 1:47:49 PM 503808 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a

4/13/2008 1:47:59 PM 237568 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers

4/13/2008 1:47:59 PM 237568 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281

4/13/2008 1:47:47 PM 15360 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc

4/13/2008 1:47:47 PM 15360 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80

4/13/2008 1:48:01 PM 876544 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#

4/13/2008 1:48:01 PM 876544 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b

4/13/2008 1:48:02 PM 81920 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#

4/13/2008 1:48:02 PM 81920 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e

4/13/2008 1:48:05 PM 1695744 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#

4/13/2008 1:48:05 PM 1695744 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8

4/13/2008 1:48:05 PM 167936 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#

4/13/2008 1:48:05 PM 167936 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489

4/13/2008 1:47:52 PM 1634304 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#

4/13/2008 1:47:52 PM 1232896 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e3dce636e798c53ec2b44d1d4aadb850

4/13/2008 1:47:54 PM 401408 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f3902a808549b40d648206c9303f2788

4/13/2008 1:48:09 PM 1740800 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#

4/13/2008 1:48:09 PM 1740800 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f

4/13/2008 1:38:20 PM 17920 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC

4/13/2008 1:38:20 PM 17920 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4

4/13/2008 1:35:14 PM 11722752 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib

4/13/2008 1:35:14 PM 11722752 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655

4/13/2008 1:48:12 PM 1581056 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#

Thepowell

21 Posts

May 9th, 2008 15:00

4/13/2008 12:31:39 PM 5735 32 C:\Documents and Settings\Home\Local Settings\Temp\ASPNETSetup.log

4/13/2008 12:34:38 PM 5144 32 C:\Documents and Settings\Home\Local Settings\Temp\ASPNETSetup_00000.log

4/13/2008 1:31:02 PM 5158 32 C:\Documents and Settings\Home\Local Settings\Temp\ASPNETSetup_00001.log

4/13/2008 12:37:43 PM 190578 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_depcheckdotnetfx30.txt

4/13/2008 1:28:39 PM 21448 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_depcheck_NETFX20_EXP_35.txt

4/13/2008 1:32:12 PM 29575 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_depcheck_NETFX30_EXP_35.txt

4/13/2008 1:28:37 PM 2 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_dotnetfx20error.txt

4/13/2008 1:28:37 PM 73940 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_dotnetfx20install.txt

4/13/2008 1:32:10 PM 2 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_dotnetfx30error.txt

4/13/2008 1:32:10 PM 75484 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_dotnetfx30install.txt

4/13/2008 12:37:41 PM 124094 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_dotnetfx3install.txt

4/13/2008 12:33:21 PM 4572936 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_netfx20MSI7A3E.txt

4/13/2008 12:33:20 PM 22522 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_netfx20UI7A3E.txt

4/13/2008 1:28:55 PM 9645762 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_NET_Framework20_Setup24C9.txt

4/13/2008 1:32:27 PM 4110380 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_NET_Framework30_Setup277D.txt

4/13/2008 12:38:19 PM 133758 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_rgb_retMSI7E0F.txt

4/13/2008 12:38:37 PM 4956 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_wcf_retCA54C9.txt

4/13/2008 1:33:10 PM 3755 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_wcf_retCA78F8.txt

4/13/2008 12:38:22 PM 771932 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_wcf_retMSI7E19.txt

4/13/2008 12:43:15 PM 238366 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_WF_3.0_x86retMSI01D5.txt

4/13/2008 12:39:00 PM 736836 32 C:\Documents and Settings\Home\Local Settings\Temp\dd_wpf_retMSI7E95.txt

4/13/2008 12:30:30 PM 2397 32 C:\Documents and Settings\Home\Local Settings\Temp\dotNetFx.log

5/9/2008 5:14:58 PM 138680 32 C:\Documents and Settings\Home\Local Settings\Temp\gus5.tmp

5/4/2008 12:31:23 PM 0 32 C:\Documents and Settings\Home\Local Settings\Temp\jar_cache60904.tmp

4/13/2008 12:30:31 PM 2878536 32 C:\Documents and Settings\Home\Local Settings\Temp\netfx.log

4/13/2008 1:34:57 PM 10973 32 C:\Documents and Settings\Home\Local Settings\Temp\netfxsl.log

4/13/2008 1:37:08 PM 7860 32 C:\Documents and Settings\Home\Local Settings\Temp\netfxupdate.log

5/1/2008 8:15:30 PM 639924 32 C:\Documents and Settings\Home\Local Settings\Temp\samples.sar

5/1/2008 8:09:59 PM 263 32 C:\Documents and Settings\Home\Local Settings\Temp\sarscan.log

4/13/2008 1:34:42 PM 265072 32 C:\Documents and Settings\Home\Local Settings\Temp\SilverlightMSI2933.txt

4/13/2008 1:34:41 PM 9290 32 C:\Documents and Settings\Home\Local Settings\Temp\SilverlightUI2933.txt

4/11/2008 7:48:55 PM 1244262 32 C:\Documents and Settings\Home\Local Settings\Temp\Und102.tmp

4/11/2008 7:48:57 PM 300318 32 C:\Documents and Settings\Home\Local Settings\Temp\Und103.tmp

5/8/2008 11:16:34 PM 1620102 32 C:\Documents and Settings\Home\Local Settings\Temp\Und136.tmp

5/8/2008 11:16:36 PM 999878 32 C:\Documents and Settings\Home\Local Settings\Temp\Und137.tmp

5/8/2008 11:17:04 PM 110999 32 C:\Documents and Settings\Home\Local Settings\Temp\Und138.tmp

5/8/2008 11:17:16 PM 516434 32 C:\Documents and Settings\Home\Local Settings\Temp\Und139.tmp

5/8/2008 11:17:20 PM 184514 32 C:\Documents and Settings\Home\Local Settings\Temp\Und13A.tmp

5/8/2008 11:17:23 PM 184514 32 C:\Documents and Settings\Home\Local Settings\Temp\Und13B.tmp

5/8/2008 11:17:28 PM 295154 32 C:\Documents and Settings\Home\Local Settings\Temp\Und13C.tmp

5/8/2008 11:17:39 PM 110754 32 C:\Documents and Settings\Home\Local Settings\Temp\Und13D.tmp

5/8/2008 11:17:44 PM 73874 32 C:\Documents and Settings\Home\Local Settings\Temp\Und13E.tmp

5/9/2008 5:07:56 PM 31682 32 C:\Documents and Settings\Home\Local Settings\Temp\Uninstall Log 2008-05-09 #001.txt

4/13/2008 12:37:41 PM 72486 32 C:\Documents and Settings\Home\Local Settings\Temp\uxeventlog.txt

4/20/2008 3:26:17 PM 9414 32 C:\Documents and Settings\Home\Local Settings\Temp\{3D71D632-E336-42AD-BFA9-B0D72195BAEE}

=== Files and Folders under "All Users\Application Data" Last 30 Days======

=== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\

=== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}

btorbit.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}

scriptproxy

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

=== Running Processes ======

System Idle Process [0]

System [4]

smss.exe [584] \SystemRoot\System32\smss.exe

csrss.exe [648]

winlogon.exe [672] winlogon.exe

services.exe [716] C:\WINDOWS\system32\services.exe

lsass.exe [728] C:\WINDOWS\system32\lsass.exe

svchost.exe [888] C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe [968]

svchost.exe [1064] C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe [1120]

svchost.exe [1268]

spoolsv.exe [1376] C:\WINDOWS\system32\spoolsv.exe

explorer.exe [1692] C:\WINDOWS\Explorer.EXE

GrooveMonitor.exe [1780] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

mcagent.exe [1788] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mcmscsvc.exe [2036] C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

McNASvc.exe [212] "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"

McProxy.exe [308] c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

Mcshield.exe [428] C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

MpfSrv.exe [476] "C:\Program Files\McAfee\MPF\MPFSrv.exe"

nvsvc32.exe [512] C:\WINDOWS\System32\nvsvc32.exe

alg.exe [2476]

wuauclt.exe [3444] "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[428]SUSDSd23f6433c708994d8545097af491df97

wmiprvse.exe [3632]

Opera.exe [3764] "C:\Program Files\Opera\Opera.exe"

ctfmon.exe [4036] ctfmon.exe

mcsysmon.exe [1604] C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

WLLoginProxy.exe [2664] "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe" -Embedding

wscript.exe [2728] "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Home\Desktop\FileLister.vbe"

wmiprvse.exe [860]

=== Uninstall List From Registry ======

AbsoluteShield File Shredder

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Dreamweaver CS3

Age of Mythology

Age of Mythology - The Titans Expansion

AVG Anti-Rootkit Free

BitLord 1.1

Microsoft Office Enterprise 2007

getPlus(R)_ocx

HijackThis 2.0.2

Microsoft Internationalized Domain Names Mitigation APIs

Windows Internet Explorer 7

Windows Genuine Advantage Validation Tool (KB892130)

Microsoft Base Smart Card Cryptographic Service Provider Package

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows Internet Explorer 7 (KB938127)

Hotfix for Windows Media Player 11 (KB939683)

Security Update for Windows XP (KB941569)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Hotfix for Windows Internet Explorer 7 (KB947864)

K-Lite Mega Codec Pack 3.7.0

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 1.1

McAfee SecurityCenter

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft National Language Support Downlevel APIs

NVIDIA Drivers

Orbit Downloader

Paint Shop Pro 6.02 ESD

PowerISO

Intel(R) PRO Ethernet Adapter and Software

Half-Life 2

Counter-Strike: Source

Peggle Deluxe Demo

Half-Life 2: Episode One

Portal

Garry's Mod

Half-Life 2: Episode Two

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

Windows Media Format 11 runtime

Windows Media Player 11

Microsoft User-Mode Driver Framework Feature Pack 1.0

XML Paper Specification Shared Components Pack 1.0

MSXML4 Parser

Steam

Opera 9.27

MSXML 6.0 Parser (KB933579)

Windows Live Sign-in Assistant

Adobe Camera Raw 4.0

Google Earth

Adobe Device Central CS3

Adobe Extension Manager CS3

Microsoft .NET Framework 3.0 Service Pack 1

Java(TM) 6 Update 3

WebFldrs XP

Adobe Setup

Adobe Version Cue CS3 Client

Adobe ExtendScript Toolkit 2

Windows Live Messenger

Adobe Bridge CS3

Adobe Help Viewer CS3

Adobe Bridge Start Meeting

Microsoft Silverlight

Adobe Asset Services CS3

Adobe Type Support

Microsoft Software Update for Web Folders (English) 12

Microsoft Office Access MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Excel MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office PowerPoint MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Publisher MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Outlook MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Word MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Proof (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Proof (French) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Proof (Spanish) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Proofing (English) 2007

Microsoft Office Enterprise 2007

Security Update for Office 2007 (KB947801)

Security Update for Outlook 2007 (KB946983)

Security Update for Visio 2007 (KB947590)

Security Update for Excel 2007 (KB946974)

Update for Office 2007 (KB946691)

Update for Outlook 2007 Junk Email Filter (kb949037)

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office InfoPath MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Shared MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office OneNote MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Groove MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Groove Setup Metadata MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Shared Setup Metadata MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Microsoft Office Access Setup Metadata MUI (English) 2007

2007 Microsoft Office Suite Service Pack 1 (SP1)

Adobe Anchor Service CS3

Adobe CMaps

Windows Live installer

Adobe Reader 8.1.2

Spybot - Search & Destroy

Microsoft .NET Framework 2.0 Service Pack 1

Apple Software Update

Adobe Default Language CS3

Windows Presentation Foundation

QuickTime

MSXML 4.0 SP2 (KB936181)

Microsoft .NET Framework 1.1

Adobe Update Manager CS3

Adobe PDF Library Files

Dell ResourceCD

Adobe Dreamweaver CS3

SoundMAX

Sony Ericsson PC Suite

bamajim

10.4K Posts

May 9th, 2008 17:00

ThePowell

I don't see any signs of infection in your logs.

What do the pop ups you get say?

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

Thepowell

21 Posts

May 9th, 2008 19:00

Right, its normally in relation to programs I’m using or websites I’m visiting, ie online banking results in loan popups (I use opera but popups are only ie). It’s been on the machine for months since I reinstalled it all. I foolishly did it with the net connected. Examples right now >

http://url.adtrgt.com/cpv.jsp?p=112194&ip=192.221.106.7&url=http%3A%2F%2Fwww.dsa.gov.uk%2Fatozservices_bannered.asp%3Fletter%3Dd%26cat%3D-1%26s%3D%26typeid%3D18%26testtype%3D&selectedKeyword=ron&selectedListingId=6833664

res://ieframe.dll/navcancl.htm

Used to advertise celldora allot but it pops up with many things, your pc is infected, your registry has problems, those spoofs also some ip addresses, attempt to download things sometimes and also directs to sites where it asks for persimmons’ to view. Adverts with music videos embedded also.

To test it I just typed cheese in Google, and clicked the wiki link. It popped up with

http://ad.doubleclick.net/adi/adon.xm.germany/;sz=1x1;ord=1210363774978?

Sometimes it’s just the random casino adverts as well. It’s got allot worse over the last few days.

Thanks for look at it!

Thepowell

21 Posts

May 9th, 2008 19:00

popped up with http://www.registrydefender.com/l/index.zp.asp?utm_source=CD284&kwd= after I posted that lol

bamajim

10.4K Posts

May 12th, 2008 11:00

Thepowell

Sorry for the delay.

1. Lets check some settings on your system.

(2000/XP) Only

In the windows control panel.
If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections.
Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties.
Click the Networking tab.
Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable on some systems

Next Go start run type cmd and hit OK
type
ipconfig /flushdns (that space between g and / is needed)
then hit enter, type exit hit enter

2.Run an online virus scan called Kaspersky from HERE.

1. Click on " Kaspersky Online Scanner"
2. A new smaller window will pop up. Press on " Accept". After reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on " Next"->>" Scan Settings", and make sure the database is set to " extended". And check both the scan options. Then click OK.
5. Then click on " My Computer". And the scan will start.
6. When the scan is complete Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.

Copy and post the results of the Kaspersky Online scan

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

Thepowell

21 Posts

May 12th, 2008 20:00

Kept popping up with this!

http://www.registrydefender.com/l/index.zp.asp?utm_source=CD284&kwd=

Took awhile :D

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, May 12, 2008 10:05:23 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 12/05/2008

Kaspersky Anti-Virus database records: 763380

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - Folders:

C:\

Scan Statistics:

Total number of scanned objects: 116185

Number of viruses found: 0

Number of infected objects: 0

Number of suspicious objects: 0

Duration of the scan process: 01:38:34

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{A4151854-A6A3-4ADB-AACF-08E635540EB1}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{EFBA25F3-3ABB-4A5A-BD8C-CAD8FD1BC303}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Home\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Home\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Home\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat Object is locked skipped

C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Home\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Home\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Opera\mail\indexer\indexer.dat Object is locked skipped

C:\Program Files\Opera\mail\lexicon\lexicon.dat Object is locked skipped

C:\Program Files\Opera\mail\mailbase.dat Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped

C:\WINDOWS\system32\drivers\netbtt.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcafee_SB35lCffW8CVWfK Object is locked skipped

C:\WINDOWS\Temp\mcmsc_aShfK5pfKOaT1SC Object is locked skipped

C:\WINDOWS\Temp\mcmsc_ONBtecesAnL3RPq Object is locked skipped

C:\WINDOWS\Temp\mcmsc_SQNa1s7Bgv5AL9j Object is locked skipped

C:\WINDOWS\Temp\mcmsc_StQtjFCFSxaQaoU Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

bamajim

10.4K Posts

May 13th, 2008 14:00

Thepowell

1. Please download Brute Force Uninstaller to your desktop.

Right click Extract All ->> Extract it to your Desktop
Additional help on extracting zip files can be found HERE

2. Open Notepad (Not Word Pad)
Copy and paste the following into NotePad

OptionOnDeleteFailUseReboot
FileDelete C:\WINDOWS\system32\drivers\core.cache.dsk
FileDelete C:\WINDOWS\system32\drivers\netbtt.sys
FileDelete C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
FileDelete C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

Select File ->> Save As Type in Delete.bfu
Under Save AS type Select "All Files"
And save it to the BFU folder that is on your Desktop

3. Open the bfu Folder

Double Click BFU.exe
When the Brute Force Uninstaller opens click the Folder Symbol
Locate the Delete.bfu file you made earlier ->> Select Open
The file name should now appear in the " Scriptfile to execute" box
Place a check in the box " Show log After Script ends"
Select " Execute"
When the script completes Select O.K.
The log will appear ->> Select Save->> save it to the bfu folder
Copy and paste the results of that log in your reply
Select Exit to close the BFU program

4. Reboot your PC Rerun Hijackthis and post a fresh Hijackthis log as well as the bfu log

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

Thepowell

21 Posts

May 13th, 2008 15:00

Still poping up as always :smileyvery-happy:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:47:42, on 13/05/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\Home\Desktop\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk.disabled O4 - Global Startup: Google Updater.lnk.disabled O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202067261311 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: DMK - Unknown owner - C:\DOCUME~1\Home\LOCALS~1\Temp\DMK.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 7520 bytes

Thepowell

21 Posts

May 13th, 2008 15:00

BFU v1.11.0

Windows XP SP3 (WinNT 5.01.2600 SP3)

Script started at 17:39:53, on 13/05/2008

Failed: FileDelete C:\WINDOWS\system32\drivers\core.cache.dsk (operation failed)

Success: FileDeleteOnReboot C:\WINDOWS\system32\drivers\core.cache.dsk

Failed: FileDelete C:\WINDOWS\system32\drivers\netbtt.sys (operation failed)

Success: FileDeleteOnReboot C:\WINDOWS\system32\drivers\netbtt.sys

Failed: FileDelete C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat (operation failed)

Success: FileDeleteOnReboot C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

Failed: FileDelete C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat (operation failed)

Success: FileDeleteOnReboot C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

Script completed at 17:39:56.

View All

Virus & Spyware

Random ie popups, advertisement - rootkit?

Was this post helpful?