Possible Virus. (TR/Crypt.TKM....)

+ 2010-10-30 13:38 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
+ 2010-10-29 13:12 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll
+ 2010-10-29 13:12 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
+ 2010-10-29 13:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll
+ 2010-10-29 13:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe
+ 2010-10-29 13:10 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll
+ 2010-10-29 13:10 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe
+ 2010-10-30 13:39 . 2008-04-14 00:12 406016 c:\windows\$NtUninstallKB981322$\usp10.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
+ 2010-10-30 13:39 . 2009-06-25 08:25 147456 c:\windows\$NtUninstallKB980436$\schannel.dll
+ 2010-10-29 13:12 . 2007-07-28 04:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
+ 2010-10-29 13:12 . 2007-07-28 04:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
+ 2010-10-29 13:12 . 2008-04-14 00:11 384512 c:\windows\$NtUninstallKB975558_WM8$\mp4sdmod.dll
+ 2010-10-30 13:40 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll
+ 2010-10-30 13:40 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
+ 2010-10-30 13:39 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-10-29 13:12 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll
+ 2010-10-29 13:12 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
+ 2010-07-20 15:55 . 2010-02-23 00:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-20 15:55 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-20 15:55 . 2008-04-14 00:12 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-10-29 13:01 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll
+ 2010-10-29 13:01 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
+ 2010-10-30 13:38 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2141007$\spuninst\updspapi.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe
+ 2010-10-30 13:38 . 2010-01-29 15:01 691712 c:\windows\$NtUninstallKB2141007$\inetcomm.dll
+ 2010-10-30 13:39 . 2008-04-14 00:12 293376 c:\windows\$NtUninstallKB2121546$\winsrv.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
+ 2010-10-29 13:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll
+ 2010-10-29 13:12 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe
+ 2010-10-30 13:38 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982665\update\updspapi.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982665\update\update.exe
+ 2010-10-30 13:38 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982665\spuninst.exe
+ 2010-10-29 13:12 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982214\update\updspapi.dll
+ 2010-10-29 13:12 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982214\update\update.exe
+ 2010-10-29 13:12 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982214\spuninst.exe
+ 2010-10-29 08:26 . 2010-06-21 14:18 354304 c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys
+ 2010-10-29 13:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981997\update\updspapi.dll
+ 2010-10-29 13:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981997\update\update.exe
+ 2010-10-29 13:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981997\spuninst.exe
+ 2010-10-29 13:10 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981852\update\updspapi.dll
+ 2010-10-29 13:10 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981852\update\update.exe
+ 2010-10-29 13:10 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981852\spuninst.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981322\update\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981322\update\update.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981322\spuninst.exe
+ 2010-04-16 15:29 . 2010-04-16 15:29 406016 c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980436\update\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980436\update\update.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980436\spuninst.exe
+ 2010-06-30 12:23 . 2010-06-30 12:23 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll
+ 2010-10-30 13:40 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2347290\update\updspapi.dll
+ 2010-10-30 13:40 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2347290\update\update.exe
+ 2010-10-30 13:40 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2347290\spuninst.exe
+ 2010-10-30 13:39 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-10-30 13:39 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-10-29 13:12 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB2259922\update\updspapi.dll
+ 2010-10-29 13:12 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB2259922\update\update.exe
+ 2010-10-29 13:12 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB2259922\spuninst.exe
+ 2010-07-20 15:55 . 2010-02-23 00:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-20 15:55 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-20 15:55 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-13 21:52 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2010-10-30 13:38 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2141007\update\updspapi.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2141007\update\update.exe
+ 2010-10-30 13:38 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2141007\spuninst.exe
+ 2010-06-09 07:41 . 2010-06-09 07:41 692736 c:\windows\$hf_mig$\KB2141007\SP3QFE\inetcomm.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2121546\update\updspapi.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2121546\update\update.exe
+ 2010-10-30 13:39 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2121546\spuninst.exe
+ 2010-06-18 17:43 . 2010-06-18 17:43 293376 c:\windows\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
+ 2010-10-29 13:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll
+ 2010-10-29 13:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2115168\update\update.exe
+ 2010-10-29 13:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2115168\spuninst.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2079403\update\update.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2079403\spuninst.exe
+ 2010-10-29 08:26 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2004-08-10 17:51 . 2010-08-26 22:16 4886528 c:\windows\system32\wmp.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-10 17:51 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon(4).dll
+ 2004-08-10 17:51 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon(3).dll
+ 2004-08-10 17:51 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-08-10 17:51 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32(3).dll
+ 2010-07-10 03:59 . 2010-10-29 07:55 9843028 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-10 17:51 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 1287168 c:\windows\system32\ole32(3).dll
+ 2004-08-10 17:51 . 2010-04-28 02:25 2189952 c:\windows\system32\ntoskrnl.exe
- 2004-08-10 17:51 . 2010-02-17 14:10 2189952 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 03:59 . 2010-04-27 13:05 2066816 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 03:59 . 2010-02-16 13:25 2066816 c:\windows\system32\ntkrnlpa.exe
- 2004-08-10 17:51 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-10 17:51 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-10 17:51 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3(2).dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 5957120 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2010-07-11 12:04 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 23:34 . 2010-09-10 05:58 1986560 c:\windows\system32\iertutil.dll
+ 2004-08-10 17:51 . 2010-08-26 22:16 4886528 c:\windows\system32\dllcache\wmp.dll
+ 2008-10-14 23:47 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-23 21:20 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2009-04-16 23:13 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-16 23:13 . 2010-02-17 14:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-16 23:13 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-16 23:13 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-08 00:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-16 23:13 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-16 23:13 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-27 00:43 . 2004-08-04 03:41 1309184 c:\windows\system32\dllcache\mtlstrm.sys
+ 2008-04-23 21:19 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-04-23 21:19 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 1428992 c:\windows\system32\dllcache\msvidctl.dll
+ 2007-12-08 01:07 . 2010-09-10 05:58 5957120 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-09 19:38 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2010-03-09 19:38 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2008-07-26 13:30 . 2010-09-10 05:58 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-27 00:42 . 2004-08-04 03:41 1041536 c:\windows\system32\dllcache\hsfdpsp2.sys
+ 2004-08-10 17:50 . 2008-04-14 00:11 1179648 c:\windows\system32\dllcache\d3d8.dll
+ 2010-09-22 14:44 . 2010-09-22 14:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 07:25 . 2010-09-23 07:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-07-09 22:28 . 2010-07-09 22:28 2151424 c:\windows\Installer\f831b0.msp
+ 2010-08-13 22:59 . 2010-08-13 22:59 8182272 c:\windows\Installer\f8319e.msp
+ 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\f83196.msp
+ 2010-09-23 12:39 . 2010-09-23 12:39 4265472 c:\windows\Installer\f8317d.msp
+ 2010-08-13 22:59 . 2010-08-13 22:59 8182272 c:\windows\Installer\d921380.msp
+ 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\d921378.msp
+ 2010-07-09 22:28 . 2010-07-09 22:28 2151424 c:\windows\Installer\484c2f2.msp
+ 2010-07-11 01:14 . 2010-07-11 01:14 2850816 c:\windows\Installer\484c2d6.msp
+ 2010-09-23 12:39 . 2010-09-23 12:39 4265472 c:\windows\Installer\34f8cd5c.msp
+ 2008-04-23 21:30 . 2010-10-29 13:11 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2008-04-23 21:30 . 2009-06-26 08:05 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2008-04-23 21:30 . 2009-06-26 08:05 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2008-04-23 21:30 . 2010-10-29 13:11 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2007-11-28 00:33 . 2007-11-28 00:33 2901344 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22194_wksssdb.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
+ 2009-04-16 23:13 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-16 23:13 . 2010-02-17 14:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-16 23:13 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-16 23:13 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-08 00:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-16 23:13 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-04-16 23:13 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-04-25 20:08 . 2007-04-25 20:08 2233944 c:\windows\Downloaded Program Files\msi.1.0.0.8.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b85554df\System.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_52820eb5\System.dll
+ 2010-10-29 13:03 . 2010-10-29 13:03 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_cbad1cc1\System.Xml.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_60cbd3e2\System.Xml.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a3a1ad63\System.Windows.Forms.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6baf8b52\System.Windows.Forms.dll
+ 2010-10-29 13:03 . 2010-10-29 13:03 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7fe2b767\System.Drawing.dll
+ 2010-10-29 13:03 . 2010-10-29 13:03 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7f41cd71\System.Design.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2fdfb313\System.Design.dll
+ 2010-10-29 13:03 . 2010-10-29 13:03 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_48e58e71\mscorlib.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0cd5c040\mscorlib.dll
+ 2010-10-29 13:11 . 2010-10-29 13:11 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-10-29 13:11 . 2010-10-29 13:11 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-10-29 13:11 . 2010-10-29 13:11 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-15 08:13 . 2009-08-15 08:13 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-06-10 13:19 . 2010-06-10 13:19 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-06-10 13:19 . 2010-06-10 13:19 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-29 13:02 . 2009-10-23 15:28 3558912 c:\windows\$NtUninstallKB981997$\moviemk.exe
+ 2010-10-29 13:10 . 2010-02-17 14:10 2189952 c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
+ 2010-10-29 13:10 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrpamp.exe
+ 2010-10-29 13:10 . 2010-02-16 13:25 2066816 c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
+ 2010-10-29 13:10 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe
+ 2010-10-30 13:39 . 2008-06-17 19:02 8461312 c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-10-30 13:39 . 2009-07-31 04:35 1172480 c:\windows\$NtUninstallKB2079403$\msxml3.dll
+ 2010-10-29 08:02 . 2010-06-18 13:43 3558912 c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe
+ 2010-10-29 08:07 . 2010-04-27 13:50 2190080 c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
+ 2010-10-29 08:07 . 2010-04-27 13:14 2024448 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe
+ 2010-04-28 12:14 . 2010-04-28 12:14 2066944 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
+ 2010-10-29 08:07 . 2010-04-27 13:54 2146304 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe
+ 2010-07-27 06:28 . 2010-07-27 06:28 8463360 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2010-06-14 07:39 . 2010-06-14 07:39 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll
+ 2010-03-10 14:00 . 2010-10-07 15:46 35385288 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2010-09-10 05:58 11080192 c:\windows\system32\ieframe.dll
+ 2008-07-26 13:30 . 2010-09-10 05:58 11080192 c:\windows\system32\dllcache\ieframe.dll
+ 2010-09-24 19:08 . 2010-09-24 19:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-05-19 18:08 . 2010-05-19 18:08 11408896 c:\windows\Installer\f83187.msp
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\f83174.msp
+ 2010-05-19 18:08 . 2010-05-19 18:08 11408896 c:\windows\Installer\484c2e0.msp
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\34f8cd53.msp
+ 2010-10-29 13:07 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\52ca772b93f517fc8fe53d0a240642b3\System.ServiceModel.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-10-29 13:12 . 2010-10-29 13:12 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-10-29 13:11 . 2010-10-29 13:11 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-23 98304]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\Cattie\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-10-15 0]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-04-07 02:25 69632 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 -c--a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-07 02:41 8466432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-07 02:42 81920 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-04-07 02:42 1626112 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-04-23 21:35 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-07 02:25 16859648 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 16:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard downloader
"3724:TCP"= 3724:TCP:blizzard downloader
"57991:TCP"= 57991:TCP:Pando Media Booster
"57991:UDP"= 57991:UDP:Pando Media Booster
"56349:TCP"= 56349:TCP:Pando Media Booster
"56349:UDP"= 56349:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"3920:TCP"= 3920:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2/18/2010 5:17 AM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2/18/2010 5:17 AM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2/18/2010 5:17 AM 29776]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/18/2010 6:25 AM 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2/18/2010 5:17 AM 1282248]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2/18/2010 5:17 AM 3291336]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-11-01 c:\windows\Tasks\System Cleanup by Zappit.job
- c:\program files\Zappit\zappit.exe [2010-10-31 19:44]

2010-11-02 c:\windows\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-11-02 c:\windows\Tasks\User_Feed_Synchronization-{96B2581F-E1FF-4224-B9F2-AB3E31D00B96}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-11-01 c:\windows\Tasks\WebReg Deskjet D1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 03:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
mStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = iexplore
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Cattie\Application Data\Mozilla\Firefox\Profiles\ip2bm7id.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Cattie\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-01 20:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2096645506-828190138-1039861506-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-11-01 20:08:19
ComboFix-quarantined-files.txt 2010-11-02 01:08
ComboFix2.txt 2010-07-10 06:14
ComboFix3.txt 2010-02-18 10:00
ComboFix4.txt 2009-10-11 03:57
ComboFix5.txt 2010-11-02 00:55

Pre-Run: 101,787,820,032 bytes free
Post-Run: 102,725,369,856 bytes free

- - End Of File - - ECB3B0914CF6FF45FBB96F26FC064726

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5029

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/3/2010 5:25:48 AM
mbam-log-2010-11-03 (05-25-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 248934
Time elapsed: 1 hour(s), 14 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP221\A0076732.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP222\A0077745.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic