+ 2010-07-25 01:00 . 2010-07-25 01:00 7974912 c:\windows\Installer\ba1e1.msi
+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\8c3aa53.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\50ceefc.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\50ceefb.msp
+ 2010-07-25 01:08 . 2010-07-25 01:08 5830144 c:\windows\Installer\2efee.msi
+ 2010-06-11 21:15 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-11 21:15 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-11 21:15 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-11 21:19 . 2010-06-11 21:19 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b7768436\System.dll
+ 2010-06-11 21:21 . 2010-06-11 21:21 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_8a6729cb\System.dll
+ 2010-06-11 21:20 . 2010-06-11 21:20 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a50c440f\System.Xml.dll
+ 2010-06-11 21:21 . 2010-06-11 21:21 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4acdd605\System.Xml.dll
+ 2010-06-11 21:21 . 2010-06-11 21:21 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a06220d0\System.Windows.Forms.dll
+ 2010-06-11 21:20 . 2010-06-11 21:20 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_930ef315\System.Windows.Forms.dll
+ 2010-06-11 21:21 . 2010-06-11 21:21 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_40950e54\System.Drawing.dll
+ 2010-06-11 21:21 . 2010-06-11 21:21 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_8be3bb40\System.Design.dll
+ 2010-06-11 21:20 . 2010-06-11 21:20 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_62af8a63\System.Design.dll
+ 2010-06-11 21:21 . 2010-06-11 21:21 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_70e20db3\mscorlib.dll
+ 2010-06-11 21:20 . 2010-06-11 21:20 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0e88ee5b\mscorlib.dll
+ 2010-06-27 17:44 . 2010-06-27 17:44 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-06-27 17:46 . 2010-06-27 17:46 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-06-11 21:11 . 2010-06-11 21:11 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-11 21:17 . 2010-06-11 21:17 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-11 21:55 . 2010-06-11 21:55 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-11 21:55 . 2010-06-11 21:55 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-11 21:55 . 2010-06-11 21:55 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-11 21:55 . 2010-06-11 21:55 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-11 21:54 . 2010-06-11 21:54 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-11 21:54 . 2010-06-11 21:54 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-11 21:54 . 2010-06-11 21:54 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-11 21:16 . 2010-06-11 21:16 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-11 21:54 . 2010-06-11 21:54 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-11 21:51 . 2010-06-11 21:51 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-27 17:46 . 2010-06-27 17:46 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-06-11 21:51 . 2010-06-11 21:51 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-11 21:16 . 2010-06-11 21:16 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-11 21:54 . 2010-06-11 21:54 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-11 21:54 . 2010-06-11 21:54 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-11 21:14 . 2010-06-11 21:14 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-11 21:52 . 2010-06-11 21:52 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-11 21:53 . 2010-06-11 21:53 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-11 21:14 . 2010-06-11 21:14 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-11 21:53 . 2010-06-11 21:53 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-11 21:14 . 2010-06-11 21:14 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-27 17:46 . 2010-06-27 17:46 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-06-27 17:46 . 2010-06-27 17:46 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-06-11 21:11 . 2010-06-11 21:11 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-11 21:52 . 2010-06-11 21:52 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-11 21:52 . 2010-06-11 21:52 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-11 21:54 . 2010-06-11 21:54 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-11 21:52 . 2010-06-11 21:52 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-11 21:52 . 2010-06-11 21:52 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-11 21:52 . 2010-06-11 21:52 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-27 10:05 . 2010-06-27 10:05 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-06-27 10:03 . 2010-06-27 10:03 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-27 10:03 . 2010-06-27 10:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-05-16 11:11 . 2010-05-16 11:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-27 10:02 . 2010-06-27 10:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-05-16 11:10 . 2010-05-16 11:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-11 21:11 . 2010-06-11 21:11 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-06-27 10:02 . 2010-06-27 10:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-05-16 11:10 . 2010-05-16 11:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-27 10:05 . 2010-06-27 10:05 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-06-27 10:02 . 2010-06-27 10:02 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-05-16 11:10 . 2010-05-16 11:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-05-16 11:11 . 2010-05-16 11:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-27 10:03 . 2010-06-27 10:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-27 10:05 . 2010-06-27 10:05 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-09-16 18:54 . 2009-09-16 18:54 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2010-05-16 11:10 . 2010-05-16 11:10 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-27 10:03 . 2010-06-27 10:03 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-11 21:19 . 2010-06-11 21:19 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-11-13 22:05 . 2009-11-13 22:05 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-11-13 22:05 . 2009-11-13 22:05 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-11 21:19 . 2010-06-11 21:19 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-11 21:17 . 2009-08-14 12:19 1850112 c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-06-11 21:14 . 2009-05-20 20:44 2355200 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-06-11 21:13 . 2009-11-27 17:33 1291264 c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-06-10 23:06 . 2010-05-06 10:36 1209856 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll
+ 2010-06-10 23:06 . 2010-05-06 10:36 5953024 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
+ 2010-06-10 23:06 . 2010-05-06 10:36 1986048 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll
+ 2010-05-02 06:34 . 2010-05-02 06:34 1860352 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-05-02 05:22 . 2010-05-02 05:22 1851264 c:\windows\$hf_mig$\KB979559\SP3GDR\win32k.sys
+ 2010-05-02 07:09 . 2010-05-02 07:09 1859968 c:\windows\$hf_mig$\KB979559\SP2QFE\win32k.sys
+ 2010-02-05 18:29 . 2010-02-05 18:29 1291776 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-02-05 18:27 . 2010-02-05 18:27 1291776 c:\windows\$hf_mig$\KB975562\SP3GDR\quartz.dll
+ 2010-02-05 18:14 . 2010-02-05 18:14 1291776 c:\windows\$hf_mig$\KB975562\SP2QFE\quartz.dll
+ 2009-03-08 12:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2009-11-13 23:06 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-03 02:29 . 2010-04-03 02:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-03-31 08:23 . 2010-03-31 08:23 15638528 c:\windows\Installer\8c3aa5f.msp
+ 2010-04-02 19:30 . 2010-04-02 19:30 17456640 c:\windows\Installer\50cef27.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 14599680 c:\windows\Installer\50cef0a.msp
+ 2010-07-25 01:07 . 2010-07-25 01:07 11749888 c:\windows\Installer\2efe4.msi
+ 2010-06-11 21:15 . 2010-02-25 18:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-11 21:17 . 2010-06-11 21:17 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-11 21:54 . 2010-06-11 21:54 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-11 21:52 . 2010-06-11 21:52 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-11 21:15 . 2010-06-11 21:15 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-27 17:45 . 2010-06-27 17:45 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-06-27 17:44 . 2010-06-27 17:44 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
+ 2010-05-06 23:06 . 2010-05-06 23:06 11078144 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="c:\program files\Real\RealPlayer\realplay.exe" [2006-06-05 1003520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-07-14 151597]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-07 504080]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-09-16 274432]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-20 286720]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON SMART PANEL for Scanner.lnk - c:\program files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE [2005-7-19 180224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1163553086\\ee\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Admin\\Desktop\\utorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57202:TCP"= 57202:TCP:Pando Media Booster
"57202:UDP"= 57202:UDP:Pando Media Booster
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/14/2007 10:44 PM 24652]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/31/2010 8:16 PM 721904]
.
Contents of the 'Scheduled Tasks' folder
2005-07-14 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 10:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\w2hy2z70.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=16-05-2010&tb_mrud=16-05-2010
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=16-05-2010&tb_mrud=16-05-2010&query=
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\w2hy2z70.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\w2hy2z70.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-xvvmavup - c:\documents and settings\Admin\Local Settings\Application Data\iaxjpougq\eakhonqtssd.exe
HKLM-Run-xvvmavup - c:\documents and settings\Admin\Local Settings\Application Data\iaxjpougq\eakhonqtssd.exe
AddRemove-IL Download Manager - c:\program files\Image-Line\Downloader\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 11:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-07-30 11:07:07
ComboFix-quarantined-files.txt 2010-07-30 18:07
ComboFix2.txt 2010-05-28 21:25
Pre-Run: 2,973,106,176 bytes free
Post-Run: 3,193,380,864 bytes free
- - End Of File - - EE6A57F785DBE4BC54ECDBDBE018A908