Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Bho.o Asfsip.dll Wont Leave!


  • Please log in to reply
23 replies to this topic

#1 miksar

miksar

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:OK
  • Local time:02:26 PM

Posted 31 July 2008 - 11:31 PM

This is a co workers computer. She is old and really doesnt know how to keep the malware off. so I offered. Well... I downloaded AVG and it found several trojans.... But the asfsip.dll just wont go away.. so i know I am doing something wrong. So if you could be so kind and give a little help to your frinds. We get by with a little help from our friends!!!

HJT logLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:56 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Robert\My Documents\HiJack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {E101C62A-2525-4E32-9611-32449ADFA37E} - C:\WINDOWS\System32\asfsip.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [braviax] braviax.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Telephony TapiSrvuploadmgr (TapiSrvuploadmgr) - Unknown owner - C:\WINDOWS\System32\1031v.exe (file missing)

--
End of file - 4133 bytes

Edited by miksar, 31 July 2008 - 11:32 PM.


BC AdBot (Login to Remove)

 


m

#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:26 PM

Posted 01 August 2008 - 06:59 AM

Hi and welcome to BC! :thumbsup:

Please download Combofix to your desktop.
Doubleclick combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

#3 miksar

miksar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:OK
  • Local time:02:26 PM

Posted 04 August 2008 - 05:25 PM

ok, it wouldnt let me run it. So I renamed it to combofi.exe.... it ran but it just stays on the blue screen window with a blinking cursor...

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:26 PM

Posted 04 August 2008 - 05:26 PM

It could be that the processes you have running are stopping Combofix from working.
We can try something else - first ensure that combofix is saved to your desktop!

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#5 miksar

miksar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:OK
  • Local time:02:26 PM

Posted 04 August 2008 - 05:30 PM

nevermind it ran

#6 miksar

miksar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:OK
  • Local time:02:26 PM

Posted 04 August 2008 - 05:50 PM

ok ,it ran all the 50 some steps and then now its not going anywhere... for like 5 minutes..... BTW , I am on my own laptop talking to you now. So i dont know if I should cancel out of it??

#7 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:26 PM

Posted 04 August 2008 - 05:51 PM

Leave it for the next 15 minutes - it is often quite slow to run so don't worry about it.
If there is no progress after 15, let me know and we can move on.. :thumbsup:

#8 miksar

miksar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:OK
  • Local time:02:26 PM

Posted 04 August 2008 - 05:53 PM

alright, Im sorry im so impatient! Thanks though for all your help.!!

#9 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:26 PM

Posted 04 August 2008 - 05:53 PM

No problem, I know it can be frustrating..

#10 miksar

miksar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:OK
  • Local time:02:26 PM

Posted 04 August 2008 - 06:20 PM

ComboFix 08-08-04.01 - Robert 2008-08-04 17:31:40.1 - NTFSx86
Running from: C:\Documents and Settings\Robert\Desktop\combofi.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\Robert\Application Data\SystemDoctor Free
C:\Documents and Settings\Robert\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\pymebynaf._dl
C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\xixum.exe
C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\ymakyfosig.exe
C:\Program Files\Common Files\SystemDoctor
C:\Program Files\Common Files\SystemDoctor\err.log
C:\WINDOWS\braviax.exe
C:\WINDOWS\cru629.dat
C:\WINDOWS\msettings.ini
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\BrowserSearch\BrowserSearch.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\BrowserSearch\BrowserSearch.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Configurator\Configurator.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Configurator\Configurator.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Dating\DatingOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Dating\DatingOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Free_Credit_Score\Free_Credit_ScoreOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Layouts\ToolbarLayout.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Layouts\ToolbarLayout.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Manager\ManagerOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Manager\ManagerOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Map_It\Map_ItOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Map_It\Map_ItOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Reference\ReferenceOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Reference\ReferenceOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Ringtones\RingtonesOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Ringtones\RingtonesOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Toolbar\TBProductsOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Toolbar\TBProductsOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Weather\AlertArchive.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Weather\AlertArchive.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Weather\WeatherOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Weather\WeatherOptions.xml.backup
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\system32\winivstr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TAPISRVUPLOADMGR
-------\Service_TapiSrvuploadmgr


((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-04 17:36 . 2002-08-29 07:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-08-04 17:36 . 2002-08-29 07:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-08-04 17:16 . 2008-08-04 17:16 <DIR> d-------- C:\sUBs
2008-07-31 22:53 . 2008-07-31 22:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 22:15 . 2008-08-04 17:12 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-31 22:01 . 2008-07-31 22:01 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-31 22:01 . 2008-07-31 22:01 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-31 22:00 . 2008-08-04 17:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-31 21:59 . 2008-07-31 21:59 <DIR> d-------- C:\Program Files\AVG
2008-07-31 21:59 . 2008-07-31 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-31 21:19 . 2008-07-31 22:41 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-31 21:11 . 2008-07-31 21:11 <DIR> d-------- C:\WINDOWS\provisioning
2008-07-31 21:07 . 2008-07-31 21:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-31 21:00 . 2008-07-31 21:00 32 --a-s---- C:\WINDOWS\system32\432543950.dat
2008-07-31 20:57 . 2008-07-31 20:57 <DIR> d-------- C:\WINDOWS\EHome
2008-07-31 20:33 . 2008-07-31 20:33 19,805 --a------ C:\Documents and Settings\Robert\Application Data\igoxy.vbs
2008-07-31 20:33 . 2008-07-31 20:33 19,761 --a------ C:\Documents and Settings\Robert\Application Data\vosivehyg.exe
2008-07-31 20:33 . 2008-07-31 20:33 19,730 --a------ C:\Program Files\Common Files\cuhuco.sys
2008-07-31 20:33 . 2008-07-31 20:33 19,460 --a------ C:\WINDOWS\axyxy.db
2008-07-31 20:33 . 2008-07-31 20:33 18,174 --a------ C:\WINDOWS\system32\puninim.pif
2008-07-31 20:33 . 2008-07-31 20:33 18,168 --a------ C:\WINDOWS\axozy.com
2008-07-31 20:33 . 2008-07-31 20:33 17,463 --a------ C:\WINDOWS\urovapeko.dat
2008-07-31 20:33 . 2008-07-31 20:33 17,328 --a------ C:\Documents and Settings\All Users\Application Data\epexew.scr
2008-07-31 20:33 . 2008-07-31 20:33 16,880 --a------ C:\WINDOWS\system32\ofulovyzi.dl
2008-07-31 20:33 . 2008-07-31 20:33 16,843 --a------ C:\Program Files\Common Files\dogahuqen.dll
2008-07-31 20:33 . 2008-07-31 20:33 13,811 --a------ C:\Program Files\Common Files\ugujezyn.pif
2008-07-31 20:33 . 2008-07-31 20:33 11,755 --a------ C:\WINDOWS\gynuxer._dl
2008-07-31 20:33 . 2008-07-31 20:33 11,252 --a------ C:\WINDOWS\xodoqu.db
2008-07-31 20:33 . 2008-07-31 20:33 11,213 --a------ C:\WINDOWS\itima.reg
2008-07-31 20:25 . 2008-07-31 20:25 18,908 --a------ C:\Program Files\Common Files\ataloduk.dll
2008-07-31 20:25 . 2008-07-31 20:25 18,539 --a------ C:\WINDOWS\system32\ahor.exe
2008-07-31 20:25 . 2008-07-31 20:25 17,348 --a------ C:\WINDOWS\deqycasu.db
2008-07-31 20:25 . 2008-07-31 20:25 17,287 --a------ C:\Program Files\Common Files\opuhicaqas.pif
2008-07-31 20:25 . 2008-07-31 20:25 16,555 --a------ C:\Program Files\Common Files\mesuvujuke.sys
2008-07-31 20:25 . 2008-07-31 20:25 14,404 --a------ C:\Documents and Settings\All Users\Application Data\egylojyreg.bat
2008-07-31 20:25 . 2008-07-31 20:25 14,352 --a------ C:\WINDOWS\nulyhusuta.scr
2008-07-31 20:25 . 2008-07-31 20:25 14,118 --a------ C:\WINDOWS\ydazomew.bat
2008-07-31 20:25 . 2008-07-31 20:25 13,872 --a------ C:\WINDOWS\system32\ypotirika.bin
2008-07-31 20:25 . 2008-07-31 20:25 13,661 --a------ C:\WINDOWS\afovokokib._sy
2008-07-31 20:25 . 2008-07-31 20:25 13,012 --a------ C:\Documents and Settings\Robert\Application Data\xuhadohamu.reg
2008-07-31 20:25 . 2008-07-31 20:25 12,164 --a------ C:\Documents and Settings\All Users\Application Data\agop.bin
2008-07-31 20:25 . 2008-07-31 20:25 11,335 --a------ C:\WINDOWS\uricygo.pif
2008-07-31 20:25 . 2008-07-31 20:25 11,209 --a------ C:\WINDOWS\system32\urekehyf.sys
2008-07-31 20:25 . 2008-07-31 20:25 11,086 --a------ C:\Documents and Settings\All Users\Application Data\elyzeja.bat
2008-07-31 20:24 . 2008-07-27 22:29 172,295 --a------ C:\WINDOWS\system32\_scui.cpl
2008-07-31 19:07 . 2008-07-31 19:07 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-31 18:59 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-31 18:51 . 2008-07-31 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-31 18:50 . 2008-07-31 18:50 0 --a------ C:\WINDOWS\system32\L53cKEUu.exe.a_a
2008-07-31 18:39 . 2008-07-31 18:39 <DIR> d-------- C:\Program Files\CCleaner
2008-07-31 17:11 . 2008-07-31 17:14 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\spweng
2008-07-23 14:37 . 2008-07-23 14:37 29 --a------ C:\WINDOWS\system32\qptiargf.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 05:08 --------- d-----w C:\Documents and Settings\Robert\Application Data\MSN6
2008-08-01 04:49 --------- d-----w C:\Program Files\Slide
2008-08-01 03:16 --------- d-----w C:\Program Files\SymNetDrv
2008-08-01 02:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-01 01:50 --------- d-----w C:\Program Files\Norton AntiVirus
2008-08-01 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-01 01:44 --------- d-----w C:\Program Files\Google
2008-08-01 01:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 01:25 11,109 ----a-w C:\Program Files\Common Files\oxupurylaf.lib
2008-07-31 23:42 --------- d-----w C:\Program Files\Yahoo!
2008-07-31 21:39 --------- d-----w C:\Program Files\LimeWire
2008-06-24 02:23 --------- d-----r C:\WINDOWS\system32\config\systemprofile\Application Data\Brother
.

------- Sigcheck -------

2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-04-20 06:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
2006-04-20 06:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp1qfe\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2qfe\tcpip.sys
2006-04-20 06:51 359808 021415ad071ef3944c27dc9597ed2214 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 06:51 359808 021415ad071ef3944c27dc9597ed2214 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E101C62A-2525-4E32-9611-32449ADFA37E}]
2008-07-16 16:24 101632 --a------ C:\WINDOWS\System32\asfsip.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:56 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 20:44 65536]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-05-14 15:53 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 06:03 49263]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-31 21:59 1232152]
"VTTimer"="VTTimer.exe" [2004-06-23 10:19 49152 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 18:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-18 00:19 88363 C:\WINDOWS\AGRSMMSG.exe]
"VTTrayp"="VTtrayp.exe" [2004-06-23 10:19 143360 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Robert
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Robert\LOCALS~1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Robert\LOCALS~1\Temp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-06-23 10:13 167936 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
-ra------ 2006-03-28 17:48 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--a------ 2006-04-10 16:58 61440 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 16:45 49152 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2000-08-15 20:25 311350 C:\Program Files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2000-08-15 20:25 36931 C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 02:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 16:25 65585 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-04 23:23 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-07-15 14:38 319488 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2004-02-24 11:55 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 20:02 57344 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 12:22 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2000-08-15 20:25 32768 C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-05 22:35 3092480 C:\Program Files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R3 CB102;D-Link DFE-680TXD DirectPort CardBus Driver;C:\WINDOWS\system32\DRIVERS\cb102.sys [2001-08-17 14:12]
S0 cjfnxtvv;cjfnxtvv;C:\WINDOWS\system32\drivers\dejrgikm.dat []
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-07-31 22:01]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-31 21:59]
S3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2004-06-23 10:06]

.
Contents of the 'Scheduled Tasks' folder

2005-06-14 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 14:24]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ANONYMIZER_SPYWAREKILLER - C:\Program Files\SpyWare Killer\spywarekiller.exe
MSConfigStartUp-update - C:\DOCUME~1\Robert\LOCALS~1\Temp\update.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 18:10:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\d3655d1d-d010-4256-81af-c97d456de94f.tmp
C:\WINDOWS\system32\drivers\Ijc35.sys 118784 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ijc35]


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cjfnxtvv]
"ImagePath"="system32\drivers\dejrgikm.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-04 18:15:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 23:15:42

Pre-Run: 15,568,138,240 bytes free
Post-Run: 22,402,486,272 bytes free

280 --- E O F --- 2008-08-01 06:21:57






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:36 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Robert\My Documents\HiJack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: (no name) - {E101C62A-2525-4E32-9611-32449ADFA37E} - C:\WINDOWS\System32\asfsip.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 3568 bytes

#11 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:26 PM

Posted 04 August 2008 - 06:22 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation finishes, leave both 'Update' and 'Launch' checked. Click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here.

On the Scanner tab, ensure the "Perform Quick Scan" option is selected, then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
When the scan finishes, a box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

#12 miksar

miksar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:OK
  • Local time:02:26 PM

Posted 04 August 2008 - 08:12 PM

Malwarebytes' Anti-Malware 1.24
Database version: 1026
Windows 5.1.2600 Service Pack 2

6:37:37 PM 8/4/2008
mbam-log-8-4-2008 (18-37-37).txt

Scan type: Quick Scan
Objects scanned: 40412
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e101c62a-2525-4e32-9611-32449adfa37e} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e101c62a-2525-4e32-9611-32449adfa37e} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\aclient.httpguard (Packer.Morphine) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aclient.httpguard.1 (Packer.Morphine) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\meedia (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\asfsip.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\SystemDoctor Free\hisbh.xml (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor Free\ResErrors.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor Free\st.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

#13 miksar

miksar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:OK
  • Local time:02:26 PM

Posted 04 August 2008 - 08:19 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:09 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Robert\My Documents\HiJack.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: (no name) - {E101C62A-2525-4E32-9611-32449ADFA37E} - C:\WINDOWS\System32\asfsip.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 3544 bytes

#14 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:26 PM

Posted 05 August 2008 - 01:38 PM

Let's get stuck in! Please first reboot the PC if you haven't done so since posting the last Hijackthis log.

Fix the following entry with Hijackthis, in the same way you've done it before:
O2 - BHO: (no name) - {E101C62A-2525-4E32-9611-32449ADFA37E} - C:\WINDOWS\System32\asfsip.dll

Click start > run and type: notepad, then hit enter.
Copy and paste in the following text into the window.

File::
C:\Documents and Settings\Robert\Application Data\igoxy.vbs
C:\Documents and Settings\Robert\Application Data\vosivehyg.exe
C:\Program Files\Common Files\cuhuco.sys
C:\WINDOWS\axyxy.db
C:\WINDOWS\system32\puninim.pif
C:\WINDOWS\axozy.com
C:\WINDOWS\urovapeko.dat
C:\Documents and Settings\All Users\Application Data\epexew.scr
C:\WINDOWS\system32\ofulovyzi.dl
C:\Program Files\Common Files\dogahuqen.dll
C:\Program Files\Common Files\ugujezyn.pif
C:\WINDOWS\gynuxer._dl
C:\WINDOWS\xodoqu.db
C:\WINDOWS\itima.reg
C:\Program Files\Common Files\ataloduk.dll
C:\WINDOWS\system32\ahor.exe
C:\WINDOWS\deqycasu.db
C:\Program Files\Common Files\opuhicaqas.pif
C:\Program Files\Common Files\mesuvujuke.sys
C:\Documents and Settings\All Users\Application Data\egylojyreg.bat
C:\WINDOWS\nulyhusuta.scr
C:\WINDOWS\ydazomew.bat
C:\WINDOWS\system32\ypotirika.bin
C:\WINDOWS\afovokokib._sy
C:\Documents and Settings\Robert\Application Data\xuhadohamu.reg
C:\Documents and Settings\All Users\Application Data\agop.bin
C:\WINDOWS\uricygo.pif
C:\WINDOWS\system32\urekehyf.sys
C:\Documents and Settings\All Users\Application Data\elyzeja.bat
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\L53cKEUu.exe.a_a
C:\WINDOWS\system32\qptiargf.tmp
C:\WINDOWS\System32\asfsip.dll
C:\WINDOWS\system32\drivers\dejrgikm.dat
C:\WINDOWS\TEMP\d3655d1d-d010-4256-81af-c97d456de94f.tmp
C:\WINDOWS\system32\drivers\Ijc35.sys

Driver::
Ijc35
cjfnxtvv

Click File > Save and call it "CFScript.txt" (without quotes).
Save it to your desktop.
Posted Image
Refering to the picture above, drag CFscript.txt into ComboFix.exe
Combofix will run, and a text file will open. Please post it back here.

Also please post a new Hijackthis log.. :thumbsup:

Edited by D-Trojanator, 05 August 2008 - 01:39 PM.


#15 miksar

miksar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:OK
  • Local time:02:26 PM

Posted 08 August 2008 - 11:32 PM

ComboFix 08-08-08.07 - Robert 2008-08-08 23:17:36.2 - NTFSx86
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robert\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\agop.bin
C:\Documents and Settings\All Users\Application Data\egylojyreg.bat
C:\Documents and Settings\All Users\Application Data\elyzeja.bat
C:\Documents and Settings\All Users\Application Data\epexew.scr
C:\Documents and Settings\Robert\Application Data\igoxy.vbs
C:\Documents and Settings\Robert\Application Data\vosivehyg.exe
C:\Documents and Settings\Robert\Application Data\xuhadohamu.reg
C:\Program Files\Common Files\ataloduk.dll
C:\Program Files\Common Files\cuhuco.sys
C:\Program Files\Common Files\dogahuqen.dll
C:\Program Files\Common Files\mesuvujuke.sys
C:\Program Files\Common Files\opuhicaqas.pif
C:\Program Files\Common Files\ugujezyn.pif
C:\WINDOWS\afovokokib._sy
C:\WINDOWS\axozy.com
C:\WINDOWS\axyxy.db
C:\WINDOWS\deqycasu.db
C:\WINDOWS\gynuxer._dl
C:\WINDOWS\itima.reg
C:\WINDOWS\nulyhusuta.scr
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\ahor.exe
C:\WINDOWS\System32\asfsip.dll
C:\WINDOWS\system32\drivers\dejrgikm.dat
C:\WINDOWS\system32\drivers\Ijc35.sys
C:\WINDOWS\system32\L53cKEUu.exe.a_a
C:\WINDOWS\system32\ofulovyzi.dl
C:\WINDOWS\system32\puninim.pif
C:\WINDOWS\system32\qptiargf.tmp
C:\WINDOWS\system32\urekehyf.sys
C:\WINDOWS\system32\ypotirika.bin
C:\WINDOWS\TEMP\d3655d1d-d010-4256-81af-c97d456de94f.tmp
C:\WINDOWS\uricygo.pif
C:\WINDOWS\urovapeko.dat
C:\WINDOWS\xodoqu.db
C:\WINDOWS\ydazomew.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\agop.bin
C:\Documents and Settings\All Users\Application Data\egylojyreg.bat
C:\Documents and Settings\All Users\Application Data\elyzeja.bat
C:\Documents and Settings\All Users\Application Data\epexew.scr
C:\Documents and Settings\Robert\Application Data\igoxy.vbs
C:\Documents and Settings\Robert\Application Data\vosivehyg.exe
C:\Documents and Settings\Robert\Application Data\xuhadohamu.reg
C:\Program Files\Common Files\ataloduk.dll
C:\Program Files\Common Files\cuhuco.sys
C:\Program Files\Common Files\dogahuqen.dll
C:\Program Files\Common Files\mesuvujuke.sys
C:\Program Files\Common Files\opuhicaqas.pif
C:\Program Files\Common Files\ugujezyn.pif
C:\WINDOWS\afovokokib._sy
C:\WINDOWS\axozy.com
C:\WINDOWS\axyxy.db
C:\WINDOWS\deqycasu.db
C:\WINDOWS\gynuxer._dl
C:\WINDOWS\itima.reg
C:\WINDOWS\nulyhusuta.scr
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\ahor.exe
C:\WINDOWS\system32\asfsip.dll
C:\WINDOWS\system32\drivers\dejrgikm.dat
C:\WINDOWS\system32\L53cKEUu.exe.a_a
C:\WINDOWS\system32\ofulovyzi.dl
C:\WINDOWS\system32\puninim.pif
C:\WINDOWS\system32\qptiargf.tmp
C:\WINDOWS\system32\REGOBJ.DLL
C:\WINDOWS\system32\urekehyf.sys
C:\WINDOWS\system32\ypotirika.bin
C:\WINDOWS\uricygo.pif
C:\WINDOWS\urovapeko.dat
C:\WINDOWS\xodoqu.db
C:\WINDOWS\ydazomew.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CJFNXTVV
-------\Legacy_IJC35
-------\Service_cjfnxtvv


((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-08 23:23 . 2008-08-08 23:23 29 --a------ C:\WINDOWS\system32\idrtfupg.tmp
2008-08-05 03:01 . 2008-08-08 22:57 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-08-05 03:00 . 2008-08-05 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-04 20:51 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-04 18:26 . 2008-08-04 18:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 18:26 . 2008-08-04 18:26 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-08-04 18:26 . 2008-08-04 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 18:26 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-04 18:26 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 17:36 . 2002-08-29 07:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-08-04 17:36 . 2002-08-29 07:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-08-04 17:16 . 2008-08-04 17:16 <DIR> d-------- C:\sUBs
2008-07-31 22:53 . 2008-07-31 22:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 22:15 . 2008-08-08 22:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-31 22:01 . 2008-07-31 22:01 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-31 22:01 . 2008-07-31 22:01 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-31 22:00 . 2008-08-08 22:50 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-31 21:59 . 2008-07-31 21:59 <DIR> d-------- C:\Program Files\AVG
2008-07-31 21:59 . 2008-07-31 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-31 21:11 . 2008-07-31 21:11 <DIR> d-------- C:\WINDOWS\provisioning
2008-07-31 21:07 . 2008-07-31 21:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-31 21:00 . 2008-07-31 21:00 32 --a-s---- C:\WINDOWS\system32\432543950.dat
2008-07-31 20:57 . 2008-07-31 20:57 <DIR> d-------- C:\WINDOWS\EHome
2008-07-31 19:07 . 2008-07-31 19:07 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-31 18:59 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-31 18:51 . 2008-07-31 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-31 18:39 . 2008-07-31 18:39 <DIR> d-------- C:\Program Files\CCleaner
2008-07-31 17:11 . 2008-07-31 17:14 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\spweng

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 05:08 --------- d-----w C:\Documents and Settings\Robert\Application Data\MSN6
2008-08-01 04:49 --------- d-----w C:\Program Files\Slide
2008-08-01 03:16 --------- d-----w C:\Program Files\SymNetDrv
2008-08-01 02:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-01 01:50 --------- d-----w C:\Program Files\Norton AntiVirus
2008-08-01 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-01 01:44 --------- d-----w C:\Program Files\Google
2008-08-01 01:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 01:25 11,109 ----a-w C:\Program Files\Common Files\oxupurylaf.lib
2008-07-31 23:42 --------- d-----w C:\Program Files\Yahoo!
2008-07-31 21:39 --------- d-----w C:\Program Files\LimeWire
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-04_18.15.10.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\xpsp3res.dll
+ 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
- 2004-06-18 13:49:51 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-08-09 03:54:02 8,192 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2004-06-18 13:49:47 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-08-09 03:54:05 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2004-06-18 13:49:36 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-08-09 03:54:27 720,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2004-06-18 13:49:36 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-08-09 03:54:06 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2004-06-18 13:49:51 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-08-09 03:54:19 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2004-06-18 13:49:54 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-08-09 03:54:14 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2004-06-18 13:49:48 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-08-09 03:54:20 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2004-06-18 13:49:48 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-08-09 03:54:03 1,703,936 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2004-06-18 13:49:48 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-08-09 03:54:24 90,112 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2004-06-18 13:49:49 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-08-09 03:54:13 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2004-06-18 13:49:48 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-08-09 03:54:08 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2004-06-18 13:49:49 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-08-09 03:54:09 66,560 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2004-06-18 13:49:49 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-08-09 03:54:18 372,736 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2004-06-18 13:49:49 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-08-09 03:54:30 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2004-06-18 13:49:50 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-08-09 03:54:16 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2004-06-18 13:49:50 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-08-09 03:54:10 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2004-06-18 13:49:50 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-08-09 03:54:12 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2004-06-18 13:49:50 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-08-09 03:54:21 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2004-06-18 13:49:52 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-08-09 03:54:01 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2004-06-18 13:49:50 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-08-09 03:54:07 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2004-06-18 13:49:50 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-08-09 03:54:04 573,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2004-06-18 13:49:50 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-08-09 03:54:23 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2004-06-18 13:49:51 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-08-09 03:54:11 2,052,096 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2004-06-18 13:49:51 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-08-09 03:54:17 1,339,392 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2004-06-18 13:49:49 1,216,512 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-08-09 03:54:32 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-08-09 03:55:31 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_10474b3a\CustomMarshalers.dll
+ 2008-08-09 03:56:51 3,379,200 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2c95357b\mscorlib.dll
+ 2008-08-09 03:56:40 1,466,368 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_47cb4f17\System.Design.dll
+ 2008-08-09 03:55:43 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_49425bac\System.Drawing.Design.dll
+ 2008-08-09 03:56:44 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_2dc466fe\System.Drawing.dll
+ 2008-08-09 03:56:01 3,014,656 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e66e52a6\System.Windows.Forms.dll
+ 2008-08-09 03:56:22 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_120d2530\System.Xml.dll
+ 2008-08-09 03:55:24 1,953,792 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3396b0c2\System.dll
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-08-05 08:01:00 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2003-02-21 02:19:32 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-21 02:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 06:49:18 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-21 02:19:38 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 06:49:26 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-21 02:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 06:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 02:09:08 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 17:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 16:23:28 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 17:21:00 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 16:23:44 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-21 02:06:20 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 19:30:14 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 14:24:38 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 19:31:00 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 14:24:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 19:31:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-21 02:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 05:35:30 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 14:26:36 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 19:28:58 720,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 14:26:38 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 19:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 14:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 19:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 14:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 19:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-21 02:09:12 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 05:32:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-21 02:09:12 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 05:32:46 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-21 02:06:32 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-21 02:09:16 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-15 05:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 14:26:34 2,088,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 02:09:18 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-15 05:33:22 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-21 02:09:18 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-15 05:33:24 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-21 02:07:34 2,494,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-21 02:08:32 2,482,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 21:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-21 02:09:30 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 14:26:46 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 19:28:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-21 02:09:34 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-15 05:35:04 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 14:26:38 1,290,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 19:32:00 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 14:25:42 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 19:31:14 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 14:26:42 1,699,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 19:29:02 1,703,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 14:26:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 19:28:54 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 14:26:46 1,216,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 19:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 14:26:50 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 19:28:58 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 14:26:50 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 19:28:56 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-21 02:09:36 64,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 05:35:12 66,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 14:26:52 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 19:31:58 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 14:26:54 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 19:31:12 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 14:26:56 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 19:28:58 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 14:26:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 19:31:54 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 14:26:58 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 19:28:52 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 14:27:00 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 19:28:54 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 14:27:02 1,245,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 19:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 14:27:06 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 19:28:58 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 14:24:18 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 19:28:52 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 14:27:06 569,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 19:31:16 573,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 14:27:08 2,039,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 19:32:02 2,052,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 14:27:10 1,335,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 19:29:00 1,339,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 18:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 17:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 16:23:20 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 12:04:18 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 13:15:14 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-21 03:10:40 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 07:11:56 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2004-08-04 07:56:41 1,016,832 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-04 07:56:41 150,528 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:03:56 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2005-10-21 04:08:44 986,112 ----a-w C:\WINDOWS\system32\DANIM.DLL
+ 2008-04-21 07:03:57 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-06-20 10:44:38 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-04-21 07:03:56 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:03:56 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2005-10-21 04:08:44 986,112 -c--a-w C:\WINDOWS\system32\dllcache\DANIM.DLL
+ 2008-04-21 07:03:57 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-04-21 07:03:57 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:03:57 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:03:57 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-17 10:52:54 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-21 07:03:58 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:03:58 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:03:58 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-25 04:50:28 518,944 -c----w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 -c----w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-04-21 07:03:59 3,059,712 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:03:59 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-25 04:50:34 1,516,568 -c----w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-03-01 18:52:15 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-27 08:12:54 151,583 -c----w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42 60,192 -c----w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 -c----w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 -c----w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 -c----w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-04-21 07:03:59 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-25 04:50:47 432,928 -c----w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 -c----w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 -c----w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 -c----w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-04-21 07:03:59 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-25 04:50:57 838,432 -c----w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-06-20 17:41:10 245,248 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-03-25 04:50:58 621,344 -c----w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 -c----w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-04-21 07:03:59 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2006-09-04 06:08:01 1,494,016 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:04:00 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-04-21 07:04:00 615,936 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:04:00 659,456 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-09-23 02:46:12 229,376 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 22:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-04-29 14:07:48 5,533,696 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-04-30 13:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-09-23 02:46:32 2,362,104 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2004-08-04 07:56:42 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-04 07:56:42 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-04 07:56:42 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:03:57 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2004-08-04 07:56:42 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:03:58 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 07:56:42 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:03:58 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-04 07:56:42 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2003-02-21 02:06:24 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2004-07-15 05:24:50 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2003-02-21 01:43:38 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2004-07-15 04:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2004-08-04 07:56:43 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 07:56:43 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 07:56:43 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-04 07:56:43 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 07:56:43 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-03-01 18:52:15 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 07:56:43 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 07:56:43 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 07:56:43 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 07:56:43 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 07:56:43 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 07:56:43 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:03:59 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 07:56:43 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 07:56:43 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 07:56:43 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:03:59 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 07:56:44 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 07:56:44 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2004-08-04 07:56:44 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 07:56:44 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2003-04-18 23:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 20:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2008-08-01 02:24:47 53,166 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-09 03:53:52 53,166 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-01 02:24:47 380,918 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-09 03:53:52 380,918 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2004-08-04 07:56:44 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2006-09-04 06:08:01 1,494,016 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2005-09-02 23:52:06 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:04:00 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2005-06-28 18:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-06-28 15:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2008-03-27 09:24:20 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2004-08-04 07:56:46 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:04:00 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 07:56:46 656,384 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:04:00 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
- 2004-09-23 02:46:12 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 22:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-04-29 14:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-23 02:46:32 2,362,104 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2005-05-17 00:25:35 15,360 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-05-08 20:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 20:44 65536]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-05-14 15:53 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 06:03 49263]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-31 21:59 1232152]
"VTTimer"="VTTimer.exe" [2004-06-23 10:19 49152 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 18:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-18 00:19 88363 C:\WINDOWS\AGRSMMSG.exe]
"VTTrayp"="VTtrayp.exe" [2004-06-23 10:19 143360 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Robert
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Robert\LOCALS~1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Robert\LOCALS~1\Temp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
-ra------ 2006-03-28 17:48 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--a------ 2006-04-10 16:58 61440 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 16:45 49152 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2000-08-15 20:25 311350 C:\Program Files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2000-08-15 20:25 36931 C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 02:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 16:25 65585 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-04 23:23 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-07-15 14:38 319488 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2004-02-24 11:55 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 20:02 57344 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 12:22 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2000-08-15 20:25 32768 C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-05 22:35 3092480 C:\Program Files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R3 CB102;D-Link DFE-680TXD DirectPort CardBus Driver;C:\WINDOWS\system32\DRIVERS\cb102.sys [2001-08-17 14:12]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-07-31 22:01]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-31 21:59]


*Newly Created Service* - IJC35
.
Contents of the 'Scheduled Tasks' folder

2005-06-14 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 14:24]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Apoint - C:\Program Files\Apoint2K\Apoint.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 23:23:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\drivers\Ijc35.sys 118784 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ijc35]

.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-08-08 23:29:37 - machine was rebooted [Robert]
ComboFix-quarantined-files.txt 2008-08-09 04:29:32
ComboFix2.txt 2008-08-04 23:15:51

Pre-Run: 25,737,895,936 bytes free
Post-Run: 25,717,989,376 bytes free

644 --- E O F --- 2008-08-09 03:58:43



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:06 PM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Robert\My Documents\HiJack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users