
I've got many hard-to-solve infections. Help Please


43 replies to this topic

#31 DJohn

Posted 11 November 2008 - 05:01 PM

Hello, sorry for being so late, I was doing some work on my new house for the past few days. Now I am back and I will be responding quickly.

COMBOFIX QUARANTINED FILES

2008-10-05 18:07:58 A------- 0 C:\Qoobox\Quarantine\C\WINDOWS\system32\windows_update.exe.vir
2008-10-18 16:15:24 A------- 5,907 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-10-18 16:15:37 A------- 276 C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2008-10-18 16:15:37 A------- 1,220 C:\Qoobox\Quarantine\Registry_backups\Legacy_TDSSSERV.reg.dat
2008-10-18 16:15:38 A------- 1,268 C:\Qoobox\Quarantine\Registry_backups\Service_TDSSserv.reg.dat
2008-10-18 16:16:38 A------- 166 C:\Qoobox\Quarantine\catchme.log
2008-10-18 16:30:48 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-10-18 16:30:48 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-10-18 16:30:48 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-10-18 16:30:54 A------- 128 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Starter.reg.dat
2008-10-20 12:53:54 A------- 132 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG8_TRAY.reg.dat

COMBOFIX LOG


ComboFix 08-11-10.01 - MBI 2008-11-11 21:30:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.806 [GMT 0:00]
Running from: c:\mrt\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-11 20:09 . 2008-11-11 20:09 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-11 20:09 . 2008-11-11 20:09 1,409 --a------ c:\windows\QTFont.for
2008-11-11 09:16 . 2008-11-11 09:16 <DIR> d-------- c:\windows\LastGood
2008-11-07 18:50 . 2008-11-07 18:58 <DIR> d-------- C:\Fotky
2008-11-04 22:59 . 2008-11-04 22:59 <DIR> d-------- c:\program files\CCleaner
2008-11-04 22:49 . 2008-11-04 22:49 <DIR> d-------- c:\documents and settings\MBI\Application Data\uniblue
2008-11-04 22:48 . 2008-11-04 22:48 <DIR> d-------- c:\program files\Uniblue
2008-11-04 22:38 . 2008-11-04 22:38 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-04 22:38 . 2008-11-04 22:38 <DIR> d-------- c:\program files\MSBuild
2008-11-04 22:37 . 2008-11-04 22:37 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-04 22:35 . 2008-07-06 12:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-04 22:35 . 2008-07-06 12:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-04 22:35 . 2008-07-06 10:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-04 22:35 . 2008-07-06 12:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-04 22:35 . 2008-07-06 12:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-04 22:35 . 2008-07-06 12:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-04 22:35 . 2008-07-06 12:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-04 18:36 . 2008-11-04 18:36 <DIR> d-------- c:\program files\Macromedia
2008-11-04 18:36 . 2008-11-04 18:36 <DIR> d-------- c:\program files\Common Files\Macromedia
2008-11-02 01:19 . 2008-11-02 01:19 <DIR> d-------- C:\_OTMoveIt
2008-10-30 23:44 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-10-30 23:43 . 2008-10-30 23:43 <DIR> d-------- c:\program files\Panda Security
2008-10-27 19:14 . 2008-10-27 19:14 <DIR> d-------- c:\program files\ERUNT
2008-10-26 17:49 . 2008-10-26 17:49 <DIR> d-------- c:\program files\Virtual Earth 3D
2008-10-26 03:19 . 2008-10-26 03:21 <DIR> d-------- C:\rsit
2008-10-23 15:07 . 2008-11-10 00:24 <DIR> d-------- c:\program files\Security Task Manager
2008-10-23 15:07 . 2008-11-10 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2008-10-20 20:46 . 2008-10-20 20:56 <DIR> d-------- C:\PictureProject
2008-10-19 18:01 . 2008-10-19 18:01 <DIR> d-------- c:\program files\Microsoft Games
2008-10-18 17:35 . 2008-10-18 17:35 <DIR> d--hs---- c:\documents and settings\MBI\PrivacIE
2008-10-18 17:26 . 2008-10-18 17:28 <DIR> d--h-c--- c:\windows\ie8
2008-10-18 17:13 . 2008-10-18 17:13 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-10-18 15:53 . 2008-10-18 15:53 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-10-18 14:54 . 2008-10-18 21:46 <DIR> d-------- c:\documents and settings\Administrator
2008-10-18 01:12 . 2008-10-18 01:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-18 01:12 . 2008-10-18 01:12 <DIR> d-------- c:\documents and settings\MBI\Application Data\Malwarebytes
2008-10-18 01:12 . 2008-10-18 01:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-18 01:12 . 2008-10-16 19:25 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-18 01:12 . 2008-10-16 19:25 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-16 10:31 . 2008-10-16 10:31 <DIR> d-------- c:\program files\Sygate
2008-10-16 10:31 . 2004-10-15 17:32 83,096 --a------ c:\windows\system32\SSSensor.dll
2008-10-16 10:31 . 2004-10-15 17:17 60,496 --a------ c:\windows\system32\drivers\Teefer.sys
2008-10-16 10:31 . 2004-10-15 17:18 21,075 --a------ c:\windows\system32\drivers\wpsdrvnt.sys
2008-10-16 10:31 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg6n.sys
2008-10-16 10:31 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg5n.sys
2008-10-16 10:31 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg4n.sys
2008-10-16 10:31 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg3n.sys
2008-10-15 12:13 . 2008-10-15 13:43 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-10-15 12:13 . 2008-11-04 23:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 01:28 . 2008-10-18 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-15 01:27 . 2008-11-11 21:28 <DIR> d-------- C:\MRT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 18:04 30 ----a-w c:\documents and settings\MBI\jagex_runescape_preferences.dat
2008-11-10 16:43 --------- d-----w c:\program files\SwiftKit
2008-11-10 12:30 --------- d-----w c:\documents and settings\MBI\Application Data\OpenOffice.org2
2008-11-07 19:19 --------- d-----w c:\documents and settings\MBI\Application Data\Corel
2008-11-01 17:13 --------- d-----w c:\documents and settings\MBI\Application Data\skypePM
2008-11-01 17:13 --------- d-----w c:\documents and settings\MBI\Application Data\Skype
2008-10-18 21:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-18 21:44 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-18 15:03 2,048 ----a-w c:\windows\system32\tmp.reg
2008-10-18 00:00 --------- d-----w c:\program files\SwiftSwitch
2008-10-18 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-17 23:58 --------- d-----w c:\program files\Java
2008-10-07 19:26 --------- d-----w c:\program files\AvRack
2008-10-07 19:03 --------- d-----w c:\program files\Creative
2008-10-07 18:37 737,280 ----a-w c:\windows\iun6002.exe
2008-10-07 18:37 --------- d-----w c:\program files\Codec Pack - All In 1
2008-10-07 14:54 --------- d-----w c:\program files\Trend Micro
2008-10-06 20:05 98,304 ----a-w c:\windows\DUMP4cd7.tmp
2008-10-06 20:00 98,304 ----a-w c:\windows\DUMP5b2f.tmp
2008-10-06 19:59 98,304 ----a-w c:\windows\DUMP5ad2.tmp
2008-10-06 11:25 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-06 10:47 --------- d-----w c:\program files\Alwil Software
2008-10-06 10:30 --------- d-----w c:\program files\ICQToolbar
2008-09-30 17:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-30 17:02 --------- d-----w c:\program files\Google
2008-09-29 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-29 12:15 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\ICQ Toolbar
2008-09-25 23:15 --------- d-----w c:\program files\ICQ6
2008-09-24 19:26 --------- d-----w c:\program files\Alex Buturuga
2008-09-21 07:31 88 --sh--r c:\documents and settings\All Users\Application Data\5A8963B446.sys
2008-09-21 07:31 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-09-20 12:54 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-09-20 12:54 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2008-09-13 08:29 --------- d-----w c:\documents and settings\MBI\Application Data\ICQ
2008-08-22 02:08 878,592 ----a-w c:\windows\system32\wininet.dll
2008-08-22 02:08 43,008 ----a-w c:\windows\system32\licmgr10.dll
2008-08-22 02:07 18,944 ----a-w c:\windows\system32\corpol.dll
2008-08-22 02:06 72,704 ----a-w c:\windows\system32\admparse.dll
2008-08-22 02:06 71,680 ----a-w c:\windows\system32\iesetup.dll
2008-08-22 02:06 434,176 ----a-w c:\windows\system32\vbscript.dll
2008-08-22 02:05 48,640 ------w c:\windows\system32\PrivacIE.dll
2008-08-22 02:05 48,128 ----a-w c:\windows\system32\mshtmler.dll
2008-08-22 02:05 35,840 ----a-w c:\windows\system32\imgutil.dll
2008-08-22 02:04 45,568 ----a-w c:\windows\system32\mshta.exe
2008-08-22 01:57 156,160 ----a-w c:\windows\system32\msls31.dll
2007-11-15 17:23 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-05 22:36 56 --sh--r c:\windows\system32\46B463895A.sys
2008-05-30 21:23 88 --sh--r c:\windows\system32\5A8963B446.sys
2008-05-30 21:23 3,350 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-10-20_13.53.47.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-19 20:42:49 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-11-11 17:57:08 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-10-19 20:42:49 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-11-11 17:57:08 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
- 2008-04-17 02:10:06 69,120 -c--a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-11-04 22:31:12 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-04-17 02:10:29 72,192 -c--a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-11-04 22:31:23 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-10-26 17:49:48 880,640 ----a-w c:\windows\assembly\GAC_32\Microsoft.MapPoint.GraphicsAPI\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.GraphicsAPI.dll
+ 2008-11-04 22:37:38 163,840 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2008-04-17 02:08:58 4,444,160 -c--a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-11-04 22:31:52 4,546,560 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-11-04 22:37:51 4,210,688 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2008-04-17 02:10:39 483,840 -c--a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-11-04 22:31:50 486,400 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-04-17 02:09:37 3,036,160 -c--a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-11-04 22:31:57 2,933,248 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-04-17 02:10:49 258,048 -c--a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-11-04 22:31:47 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-04-17 02:10:49 113,664 -c--a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-11-04 22:31:47 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-11-04 22:37:57 368,640 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2008-04-17 02:10:31 261,120 -c--a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-11-04 22:31:33 261,632 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-04-17 02:09:28 5,431,296 -c--a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-11-04 22:30:54 5,238,784 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-04-17 02:09:57 10,752 -c--a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-11-04 22:31:10 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-04-17 02:09:32 507,904 -c--a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-11-04 22:30:57 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-04-17 02:10:04 13,312 -c--a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-11-04 22:31:11 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-10-26 17:49:48 33,808 ----a-w c:\windows\assembly\GAC_MSIL\GeoCommunityCommon\2.0.0.0__31bf3856ad364e35\GeoCommunityCommon.dll
- 2008-04-17 02:10:16 8,192 -c--a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-11-04 22:31:14 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-04-17 02:10:20 77,824 -c--a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-11-04 22:31:16 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-04-17 02:10:22 6,656 -c--a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-11-04 22:31:18 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-11-04 22:40:14 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
- 2008-04-17 02:10:50 348,160 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-11-04 22:31:38 348,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-11-04 22:40:17 733,184 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-04-17 02:10:51 36,864 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-11-04 22:31:40 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-11-04 22:40:18 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-11-04 22:40:19 802,816 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
- 2008-04-17 02:10:53 655,360 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-11-04 22:31:44 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-11-04 22:40:20 94,208 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
- 2008-04-17 02:10:55 77,824 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-11-04 22:31:46 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-04-17 02:10:24 749,568 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-11-04 22:31:24 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-10-26 17:49:43 163,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Data.CompactMapFile\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.CompactMapFile.dll
+ 2008-10-26 17:49:44 159,744 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Data.VirtualEarthTileDataSource\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.dll
+ 2008-10-26 17:49:43 376,832 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Data\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.dll
+ 2008-10-26 17:49:47 65,536 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities.COM\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.COM.dll
+ 2008-10-26 17:49:47 356,352 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities.resources\3.0.0.0_es_31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.resources.dll
+ 2008-10-26 17:49:47 356,352 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities.resources\3.0.0.0_fr_31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.resources.dll
+ 2008-10-26 17:49:47 356,352 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities.resources\3.0.0.0_ja_31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.resources.dll
+ 2008-10-26 17:49:46 811,008 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.dll
+ 2008-10-26 17:49:44 245,760 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Geometry\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Geometry.dll
+ 2008-10-26 17:49:44 598,016 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Graphics3D\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Graphics3D.dll
+ 2008-10-26 17:49:42 65,536 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.MapControl3D.resources\3.0.0.0_de_31bf3856ad364e35\Microsoft.MapPoint.MapControl3D.Resources.dll
+ 2008-10-26 17:49:43 65,536 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.MapControl3D.resources\3.0.0.0_es_31bf3856ad364e35\Microsoft.MapPoint.MapControl3D.Resources.dll
+ 2008-10-26 17:49:43 61,440 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.MapControl3D.resources\3.0.0.0_fr_31bf3856ad364e35\Microsoft.MapPoint.MapControl3D.Resources.dll
+ 2008-10-26 17:49:43 65,536 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.MapControl3D.resources\3.0.0.0_it_31bf3856ad364e35\Microsoft.MapPoint.MapControl3D.Resources.dll
+ 2008-10-26 17:49:43 65,536 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.MapControl3D.resources\3.0.0.0_ja_31bf3856ad364e35\Microsoft.MapPoint.MapControl3D.Resources.dll
+ 2008-10-26 17:49:42 299,008 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.MapControl3D\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.MapControl3D.dll
+ 2008-10-26 17:49:47 299,008 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Modeling\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Modeling.dll
+ 2008-10-26 17:49:46 98,304 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Network\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Network.dll
+ 2008-10-26 17:49:45 16,384 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\3.0.0.0_de_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-10-26 17:49:45 16,384 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\3.0.0.0_es_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-10-26 17:49:45 16,384 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\3.0.0.0_fr_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-10-26 17:49:45 16,384 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\3.0.0.0_it_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-10-26 17:49:45 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\3.0.0.0_ja_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-10-26 17:49:46 135,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.Utility\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Utility.dll
+ 2008-10-26 17:49:46 249,856 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource.dll
+ 2008-10-26 17:49:45 1,212,416 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.dll
+ 2008-10-26 17:49:45 98,304 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.Utility\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.Utility.dll
+ 2008-10-26 17:49:46 65,536 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MapPoint.UtilityPartialTrust\3.0.0.0__31bf3856ad364e35\Microsoft.MapPoint.UtilityPartialTrust.dll
+ 2008-11-04 22:37:37 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2008-04-17 02:10:18 110,592 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-11-04 22:31:22 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-04-17 02:10:14 372,736 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-11-04 22:31:21 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-04-17 02:10:42 28,672 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-11-04 22:31:30 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-04-17 02:10:11 671,744 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-11-04 22:31:20 659,456 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-11-04 22:40:16 41,984 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2008-04-17 02:09:15 5,632 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-11-04 22:31:55 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-04-17 02:10:46 12,800 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-11-04 22:31:32 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-04-17 02:10:09 32,768 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-11-04 22:31:19 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-10-26 17:49:48 90,112 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.WindowsLive.Id.Client.resources\3.0.0.0_es_31bf3856ad364e35\Microsoft.WindowsLive.Id.Client.resources.dll
+ 2008-10-26 17:49:48 90,112 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.WindowsLive.Id.Client.resources\3.0.0.0_fr_31bf3856ad364e35\Microsoft.WindowsLive.Id.Client.resources.dll
+ 2008-10-26 17:49:48 90,112 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.WindowsLive.Id.Client.resources\3.0.0.0_ja_31bf3856ad364e35\Microsoft.WindowsLive.Id.Client.resources.dll
+ 2008-10-26 17:49:48 200,704 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.WindowsLive.Id.Client\3.0.0.0__31bf3856ad364e35\Microsoft.WindowsLive.Id.Client.dll
- 2008-04-17 02:10:08 7,168 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-11-04 22:31:17 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-11-04 22:38:06 598,016 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2008-11-04 22:37:49 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2008-11-04 22:38:07 46,104 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2008-11-04 22:38:11 196,608 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2008-11-04 22:38:11 139,264 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2008-11-04 22:38:11 397,312 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2008-11-04 22:38:12 163,840 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2008-11-04 22:38:12 5,283,840 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2008-11-04 22:38:15 864,256 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2008-11-04 22:37:56 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2008-11-04 22:40:21 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2008-11-04 22:37:38 110,592 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2008-04-17 02:10:26 110,592 -c--a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-11-04 22:31:48 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-11-04 22:40:23 45,056 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2008-11-04 22:40:25 163,840 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2008-11-04 22:40:42 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2008-04-17 02:10:27 81,920 -c--a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-11-04 22:31:49 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-04-17 02:09:34 425,984 -c--a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-11-04 22:31:56 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-11-04 22:40:26 667,648 ----a-w c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2008-11-04 22:40:27 53,248 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2008-11-04 22:40:28 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2008-11-04 22:40:29 2,879,488 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2008-11-04 22:40:12 684,032 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2008-11-04 22:40:09 294,912 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2008-11-04 22:40:09 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2008-11-04 22:40:10 442,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2008-04-17 02:09:41 741,376 -c--a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-11-04 22:31:42 745,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-04-17 02:09:44 933,888 -c--a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-11-04 22:31:37 970,752 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-04-17 02:10:56 5,070,848 -c--a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-11-04 22:31:09 5,062,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-11-04 22:40:11 286,720 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2008-04-17 02:10:52 188,416 -c--a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-11-04 22:31:29 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-04-17 02:09:58 401,408 -c--a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-11-04 22:31:34 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-04-17 02:10:45 81,920 -c--a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-11-04 22:31:07 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-04-17 02:09:17 630,784 -c--a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-11-04 22:31:58 626,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-11-04 22:38:17 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2008-11-04 22:37:39 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2008-11-04 22:37:40 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2008-11-04 22:40:32 143,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2008-04-17 02:10:47 372,736 -c--a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-11-04 22:31:45 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-04-17 02:10:43 258,048 -c--a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-11-04 22:31:41 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-11-04 22:40:43 233,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2008-04-17 02:10:37 299,008 -c--a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-11-04 22:31:39 303,104 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-04-17 02:10:34 131,072 -c--a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-11-04 22:31:36 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-11-04 22:37:41 966,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2008-04-17 02:09:20 258,048 -c--a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-11-04 22:32:02 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-11-04 22:37:48 73,728 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2008-11-04 22:37:48 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2008-11-04 22:40:07 569,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2008-11-04 22:37:44 5,931,008 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2008-04-17 02:09:22 114,688 -c--a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-11-04 22:32:01 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-11-04 22:38:07 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2008-11-04 22:40:44 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2008-11-04 22:40:46 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2008-11-04 22:40:47 225,280 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2008-11-04 22:40:33 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2008-11-04 22:40:34 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2008-11-04 22:40:48 335,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2008-11-04 22:40:49 1,277,952 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2008-04-17 02:09:52 884,736 -c--a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-11-04 22:31:02 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-04-17 02:09:55 90,112 -c--a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-11-04 22:30:58 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-11-04 22:40:51 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2008-04-17 02:09:49 839,680 -c--a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-11-04 22:31:00 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-04-17 02:10:01 5,013,504 -c--a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-11-04 22:31:03 5,025,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-11-04 22:40:35 12,288 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2008-11-04 22:38:01 1,138,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2008-11-04 22:38:02 1,630,208 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2008-11-04 22:38:04 540,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2008-11-04 22:40:08 507,904 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2008-11-04 22:40:37 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2008-04-17 02:09:25 2,068,480 -c--a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-11-04 22:32:00 2,048,000 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-04-17 02:09:47 3,076,096 -c--a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-11-04 22:31:25 3,149,824 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-11-04 22:38:08 167,936 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2008-11-04 22:38:10 385,024 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2008-11-04 22:37:58 40,960 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2008-11-04 22:37:58 98,304 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2008-11-04 22:37:58 1,245,184 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2008-11-04 22:38:10 94,208 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-11-05 08:18:11 25,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
+ 2008-11-05 08:18:16 842,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll
+ 2008-11-05 08:17:50 409,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe
+ 2008-11-05 08:20:08 220,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
+ 2008-11-05 08:19:58 14,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2008-11-05 08:20:09 222,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2008-11-05 08:20:05 1,886,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll
+ 2008-11-05 08:20:12 838,656 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
+ 2008-11-05 08:20:14 65,024 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
+ 2008-11-05 08:20:00 74,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
+ 2008-11-05 08:20:20 1,620,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
+ 2008-11-05 08:20:27 1,965,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2008-11-05 08:20:29 175,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2008-11-05 08:20:28 144,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
+ 2008-11-05 08:22:51 2,332,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7d61e63dea85f4f77ea4c13df7651ec7\Microsoft.JScript.ni.dll
+ 2008-11-05 08:19:16 1,175,040 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\1ad656b21c4db8e0483eeca50c2f35ee\Microsoft.MapPoint.Data.ni.dll
+ 2008-11-05 08:19:33 344,576 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\269ed03f0928936f760cf4d4db58fa93\Microsoft.MapPoint.Utility.ni.dll
+ 2008-11-05 08:19:31 1,498,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\299d5fabf040024cf1ebba7ac62aecc3\Microsoft.MapPoint.GraphicsAPI.ni.dll
+ 2008-11-05 08:19:02 4,247,552 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\2f872a4d7a4b119c38855c97b82ff295\Microsoft.MapPoint.Rendering3D.ni.dll
+ 2008-11-05 08:19:49 409,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\4fedac2e212be411dae87d0c39655b2e\Microsoft.MapPoint.Network.ni.dll
+ 2008-11-05 08:19:41 1,806,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\53b080770ba09ad24c0f69859b59a89d\Microsoft.MapPoint.Modeling.ni.dll
+ 2008-11-05 08:18:24 538,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\54f067652fdae4d7585ea590f07a19cb\Microsoft.MapPoint.MapControl3D.ni.dll
+ 2008-11-05 08:19:56 1,412,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\59ad10148272654a34ceb55cb33a1f2e\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource.ni.dll
+ 2008-11-05 08:19:11 254,976 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\650483e71fceaffadff4ef5c4045a420\Microsoft.MapPoint.UtilityPartialTrust.ni.dll
+ 2008-11-05 08:19:45 759,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\6f91118ccb5a945e465ac660c2727009\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.ni.dll
+ 2008-11-05 08:19:06 438,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\8a9d2fc49b5fde48f46a1ff413ad0799\Microsoft.MapPoint.Rendering3D.Utility.ni.dll
+ 2008-11-05 08:19:09 819,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\b9bf28ad7389e3de5c3f5035fea6bd9e\Microsoft.MapPoint.Geometry.ni.dll
+ 2008-11-05 08:19:47 434,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\c8b874db2d407711505a6889f15b3d75\Microsoft.MapPoint.Data.CompactMapFile.ni.dll
+ 2008-11-05 08:19:26 2,592,256 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\cfb9203154f1fb5abec11e70cee5a1b8\Microsoft.MapPoint.Graphics3D.ni.dll
+ 2008-11-05 08:17:55 1,092,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\21bb6244c91b6207fbcb038884a641ef\Microsoft.Transactions.Bridge.ni.dll
+ 2008-11-05 08:17:57 386,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\539e297cc9bc67fbf2fbdc9dc5fcd0f1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-11-05 08:20:35 1,711,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
+ 2008-11-05 08:19:32 15,872 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f0e9a97ade4529d4caeccd467aa8e7db\Microsoft.VisualC.ni.dll
+ 2008-11-05 08:22:52 55,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\28ea74096df47800fe2c78bb2b9a4f2a\Microsoft.Vsa.ni.dll
+ 2008-11-05 08:19:59 133,632 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
+ 2008-11-04 22:42:35 11,485,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
+ 2008-11-04 22:43:25 1,451,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b6bfb51dec7f8cc42c21c5928470c773\PresentationBuildTasks.ni.dll
+ 2008-11-04 22:43:31 39,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\487c1bc20f6e73e8e79503898d17d102\PresentationCFFRasterizer.ni.dll
+ 2008-11-04 22:49:20 12,213,248 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\12dcb10b76012416357bdbb010fdaa97\PresentationCore.ni.dll
+ 2008-11-04 22:49:42 47,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9469981a17c01dd154c540127e678b35\PresentationFontCache.ni.exe
+ 2008-11-04 22:56:21 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\79c2fd29b1e46c943960278051b4e1b9\PresentationFramework.Royale.ni.dll
+ 2008-11-04 22:56:00 14,320,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9519494798a88867406b5755e1dbded6\PresentationFramework.ni.dll
+ 2008-11-04 22:56:11 368,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e71fd0d299c5668c96a54e4a63479fa\PresentationFramework.Aero.ni.dll
+ 2008-11-04 22:56:18 539,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b4dc4bd8534d90fbb7430926ad990cd9\PresentationFramework.Luna.ni.dll
+ 2008-11-04 22:56:16 224,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ef1a93d10c3a91b728745dbfcc79c2c7\PresentationFramework.Classic.ni.dll
+ 2008-11-04 22:56:34 1,656,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\87fb973e4ab6a21fd00e45656fa7c115\PresentationUI.ni.dll
+ 2008-11-04 22:56:50 2,125,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\5c59991df60164cae10fd81b88a8e5b1\ReachFramework.ni.dll
+ 2008-11-05 08:18:01 319,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe
+ 2008-11-05 08:18:03 255,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
+ 2008-11-05 08:18:05 365,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe
+ 2008-11-05 08:20:40 82,944 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f2b48eab657b4ef1d19dac11bdf0c913\System.AddIn.Contract.ni.dll
+ 2008-11-05 08:20:39 632,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b01721205312c6c18df033cc47b60e5c\System.AddIn.ni.dll
+ 2008-11-05 08:20:42 94,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a8e047504bdad9ec14efd483574b0dd5\System.ComponentModel.DataAnnotations.ni.dll
+ 2008-11-05 08:22:41 140,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
+ 2008-11-05 08:18:28 970,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
+ 2008-11-04 22:57:13 2,294,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
+ 2008-11-05 08:20:45 135,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll
+ 2008-11-05 08:22:08 755,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\9867484f25281882e61f61066fa651a3\System.Data.Entity.Design.ni.dll
+ 2008-11-05 08:22:02 9,903,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\8c050147d7031f912f6ca2b15550173f\System.Data.Entity.ni.dll
+ 2008-11-04 22:58:26 2,510,848 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\fa206c73f39721cd2c55829b9853de44\System.Data.Linq.ni.dll
+ 2008-11-05 08:22:25 354,816 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3cb9c5203e50cb6af99b163522e9357c\System.Data.Services.Design.ni.dll
+ 2008-11-05 08:22:23 939,520 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d3aed340a6562196ca40978556fb29d1\System.Data.Services.Client.ni.dll
+ 2008-11-05 08:22:17 1,326,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6f298259c87cc6c7318d931f52f053c5\System.Data.Services.ni.dll
+ 2008-11-05 08:18:37 2,508,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll
+ 2008-11-04 22:57:58 6,614,016 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
+ 2008-11-05 08:18:44 1,800,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
+ 2008-11-04 22:59:19 10,681,344 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\204db7071fb26343b0fd3f3d140c0bf8\System.Design.ni.dll
+ 2008-11-05 08:22:35 455,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44de75caba2b9711b3d9030a30767f8b\System.DirectoryServices.Protocols.ni.dll
+ 2008-11-05 08:22:29 1,116,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll
+ 2008-11-05 08:22:33 880,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c205bbbb88bfa4bd5e274f43ea0013cb\System.DirectoryServices.AccountManagement.ni.dll
+ 2008-11-04 22:59:36 208,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\5f5d64dd0e7991aaaad2d98ee52afe42\System.Drawing.Design.ni.dll
+ 2008-11-04 22:59:32 1,587,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
+ 2008-11-05 08:22:38 627,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
+ 2008-11-05 08:22:38 280,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll
+ 2008-11-04 23:06:24 212,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\be8c7482f1e78a3b4984af9082d455a7\System.IdentityModel.Selectors.ni.dll
+ 2008-11-04 23:06:21 1,056,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
+ 2008-11-04 23:06:26 381,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\bcfccfa22245d2223a764611c61a7cb9\System.IO.Log.ni.dll
+ 2008-11-05 08:22:41 330,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1db9deebde7c96b2874b4ffccac2f48e\System.Management.Instrumentation.ni.dll
+ 2008-11-05 08:22:44 997,888 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
+ 2008-11-05 08:22:55 620,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\eabe1915c13467e1e66e2b073bcb842f\System.Net.ni.dll
+ 2008-11-04 22:59:41 1,035,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\db428f231a2ccaf490ae219efd2edc69\System.Printing.ni.dll
+ 2008-11-05 08:18:41 311,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01dc643b54310ebc5ab7e4696df426bc\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-11-04 23:06:36 2,338,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
+ 2008-11-05 08:18:39 676,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
+ 2008-11-05 08:23:05 1,705,984 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a3adabee8e63dc76f65710a9c32175fc\System.ServiceModel.Web.ni.dll
+ 2008-11-05 08:17:43 17,313,792 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
+ 2008-11-05 08:23:07 212,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
+ 2008-11-04 22:59:50 1,912,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2e7a6c977ac9f8d46ebe2982697a0c8d\System.Speech.ni.dll
+ 2008-11-05 08:23:09 627,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
+ 2008-11-05 08:23:38 141,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\fbe60d84b9f1ab74e396fb1507f69615\System.Web.Abstractions.ni.dll
+ 2008-11-05 08:23:51 36,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e2a7113434da494a846a8f4e4ac5e9\System.Web.DynamicData.Design.ni.dll
+ 2008-11-05 08:23:50 542,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aff5e0fa23e49ee75e458408c1f66da2\System.Web.DynamicData.ni.dll
+ 2008-11-05 08:23:56 301,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ca1ce755bb49324c7d275c426188a28f\System.Web.Entity.Design.ni.dll
+ 2008-11-05 08:23:53 328,192 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bbdc5cb2f2f92fd610de7331d748193a\System.Web.Entity.ni.dll
+ 2008-11-05 08:23:47 2,400,256 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6a20b64ad8e2aaa2f40d67ff01fcc708\System.Web.Extensions.ni.dll
+ 2008-11-05 08:24:00 858,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f288f2cb75465c0f45154079365af9e8\System.Web.Extensions.Design.ni.dll
+ 2008-11-05 08:24:07 2,209,280 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll
+ 2008-11-05 08:24:08 202,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll
+ 2008-11-05 08:23:40 129,536 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\18e1acd6761195389db42bab83169fd2\System.Web.Routing.ni.dll
+ 2008-11-05 08:24:14 1,840,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
+ 2008-11-05 08:23:35 11,791,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
+ 2008-11-04 23:00:30 12,428,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
+ 2008-11-05 08:24:22 37,888 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b5a285233229bb4f9d9831ebf27fe9ac\System.Windows.Presentation.ni.dll
+ 2008-11-05 08:24:33 2,989,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d6cc33db5d526553ffbbfd1d372a8493\System.Workflow.Activities.ni.dll
+ 2008-11-05 08:24:48 4,510,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9de33f5786cd15e220f47b916c5a15e9\System.Workflow.ComponentModel.ni.dll
+ 2008-11-05 08:24:57 1,904,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6d0966370023925610756f368140b947\System.Workflow.Runtime.ni.dll
+ 2008-11-05 08:25:03 1,355,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\43911ac4e29949c57560eee5cb7b76c2\System.WorkflowServices.ni.dll
+ 2008-11-05 08:25:06 400,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll
+ 2008-11-04 23:00:47 5,449,728 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
+ 2008-11-04 22:43:06 7,867,392 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
+ 2008-11-04 23:00:51 447,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d255ab525d10d8fefe5df9ba092b2df8\UIAutomationClient.ni.dll
+ 2008-11-04 23:00:55 1,049,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\8698f073a59ef0db10a3258b1f1deaee\UIAutomationClientsideProviders.ni.dll
+ 2008-11-04 23:00:56 60,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f5c0e1b77c840d99a68897898317b79\UIAutomationProvider.ni.dll
+ 2008-11-04 23:00:57 187,904 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\dbb2fcd246efaf3df823410597cd1677\UIAutomationTypes.ni.dll
+ 2008-11-04 22:43:46 3,311,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\df20e56b59b1b1a595af305ddc0777ba\WindowsBase.ni.dll
+ 2008-11-04 23:01:00 239,616 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a18dff8832712a0f6cccaaefbcc45861\WindowsFormsIntegration.ni.dll
+ 2008-11-05 08:18:07 321,024 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
+ 2005-08-24 12:07:02 104,088 ----a-w c:\windows\Downloaded Installations\Macromedia Fireworks 8\FW_Client_Installer.exe
+ 2008-07-06 12:06:10 89,088 ------w c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2008-07-06 12:06:10 765,440 ------w c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2008-07-06 12:06:10 198,656 ------w c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2008-07-06 12:06:10 373,248 ------w c:\windows\Driver Cache\i386\unidrv.dll
+ 2008-07-06 12:06:10 744,960 ------w c:\windows\Driver Cache\i386\unidrvui.dll
+ 2008-03-13 04:52:36 761,344 ------w c:\windows\Driver Cache\i386\unires.dll
+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\10-27-2008\ERDNT.EXE
+ 2008-10-27 19:16:22 9,846,784 ----a-w c:\windows\ERDNT\10-27-2008\Users\00000001\NTUSER.DAT
+ 2008-10-27 19:16:22 352,256 ----a-w c:\windows\ERDNT\10-27-2008\Users\00000002\UsrClass.dat
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-11-04 18:37:25 65,536 ----a-r c:\windows\Installer\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}\ARPPRODUCTICON.exe
+ 2008-11-04 18:37:25 65,536 ----a-r c:\windows\Installer\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}\Fireworks.exe_4C24A8C17CFA4650AF15732F5BD7B46D.exe
+ 2008-11-04 18:37:25 65,536 ----a-r c:\windows\Installer\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}\NewShortcut3_4C24A8C17CFA4650AF15732F5BD7B46D.exe
+ 2008-11-04 18:37:25 65,536 ----a-r c:\windows\Installer\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}\NewShortcut4_4C24A8C17CFA4650AF15732F5BD7B46D.exe
- 2007-10-24 00:47:38 82,944 -c--a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-25 11:16:58 82,944 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2007-10-24 00:47:38 16,896 -c--a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 11:16:58 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
- 2007-10-24 00:47:40 16,896 -c--a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 11:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2007-10-24 00:47:42 16,896 -c--a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 11:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2007-10-24 00:47:40 16,896 -c--a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 11:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2007-10-24 00:47:38 97,280 -c--a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 11:16:58 96,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2007-10-24 00:47:26 28,672 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 11:16:42 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2007-10-24 00:47:30 145,408 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-07-25 11:16:48 145,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2007-10-24 00:47:32 13,824 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 11:16:50 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2007-10-24 00:47:48 193,016 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 11:17:10 193,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2007-10-24 00:47:20 218,112 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 11:16:36 218,112 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2007-10-24 00:47:40 10,752 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 11:17:00 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2007-10-24 00:47:42 147,968 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 11:17:02 147,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2007-10-24 00:47:26 99,320 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 11:16:44 98,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-10-24 00:47:42 59,392 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 11:17:02 58,880 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2007-10-24 00:47:22 36,864 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 11:16:40 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2007-10-24 00:47:22 22,024 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 11:16:40 22,024 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-10-24 00:47:22 17,928 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 11:16:40 17,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-10-24 00:47:22 33,288 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 11:16:40 33,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2007-10-24 00:47:22 84,480 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 11:16:38 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2007-10-24 00:47:22 24,576 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 11:16:40 24,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2007-10-24 00:47:22 32,776 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 11:16:40 33,288 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2007-10-24 00:47:22 106,496 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 11:16:40 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-10-24 00:47:22 33,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 11:16:40 34,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2007-10-24 00:47:22 33,280 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 11:16:40 33,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2007-10-24 00:47:22 507,904 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 11:16:40 507,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2007-10-24 00:47:40 106,496 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 11:17:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-10-24 00:47:40 101,896 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-07-25 11:17:00 89,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2007-10-24 00:47:30 80,376 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 11:16:50 80,376 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2007-10-24 00:47:30 1,162,744 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2008-07-25 11:16:50 1,163,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2007-10-24 00:47:30 13,312 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 11:16:50 13,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2007-10-24 00:47:42 27,136 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 11:17:02 27,136 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2007-10-24 00:47:40 69,120 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 11:17:00 69,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2007-10-24 00:47:30 35,320 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 11:16:50 35,320 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2007-10-24 00:47:28 66,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 11:16:46 62,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2007-10-24 00:47:28 5,120 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2008-07-25 11:16:46 5,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2007-10-24 00:47:54 572,936 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 11:17:16 575,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2007-10-24 00:47:40 798,224 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 11:17:00 798,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2007-10-24 00:47:36 18,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 11:16:58 18,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2007-10-24 00:47:40 9,728 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 11:17:00 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2007-10-24 00:47:40 8,192 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 11:17:02 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2007-10-24 00:47:40 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 11:17:00 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2007-10-24 00:47:40 6,656 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 11:17:00 6,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-10-24 00:47:40 230,904 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 11:17:00 230,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-10-24 00:47:40 28,672 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 11:17:00 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2007-10-24 00:47:40 65,032 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 11:17:00 65,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2007-10-24 00:47:40 72,192 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 11:17:00 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2007-10-24 00:47:34 40,960 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 11:16:54 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-10-24 00:47:36 348,160 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 11:16:56 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2007-10-24 00:47:36 36,864 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 11:16:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2007-10-24 00:47:36 655,360 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 11:16:56 655,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2007-10-24 00:47:36 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 11:16:56 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-10-24 00:47:34 749,568 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 11:16:54 749,568 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2007-10-24 00:47:52 110,592 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 11:17:14 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-24 00:47:52 372,736 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 11:17:14 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-24 00:47:50 671,744 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 11:17:12 659,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2007-10-24 00:47:20 28,672 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 11:16:38 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2007-10-24 00:47:52 5,632 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 11:17:16 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2007-10-24 00:47:20 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 11:16:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2007-10-24 00:47:20 12,800 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 11:16:38 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-10-24 00:47:20 7,168 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 11:16:38 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-10-24 00:47:22 97,792 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 11:16:40 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2007-10-24 00:47:36 69,632 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 11:16:56 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-10-24 00:47:40 822,280 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 11:17:02 998,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2007-10-24 00:47:40 83,456 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 11:17:00 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2007-10-24 00:47:40 308,224 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-07-25 11:17:00 308,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-10-24 00:47:40 47,104 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 11:17:00 46,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2007-10-24 00:47:40 348,672 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 11:17:00 367,104 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2007-10-24 00:47:40 94,208 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 11:17:00 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-10-24 00:47:40 4,444,160 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 11:17:00 4,546,560 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-10-24 00:47:40 114,688 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-07-25 11:17:00 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2007-10-24 00:47:44 340,992 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 11:17:04 345,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2007-10-24 00:47:40 77,312 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 11:17:00 77,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2007-10-24 00:47:36 18,944 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 11:16:58 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-10-24 00:47:40 242,688 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 11:17:02 230,912 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2007-10-24 00:47:40 70,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 11:17:02 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2007-10-24 00:47:40 19,456 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 11:17:02 19,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-10-24 00:47:36 5,814,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-07-25 11:16:58 5,815,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2007-10-24 00:47:44 31,744 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 11:17:04 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-10-24 00:47:40 101,880 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 11:17:02 100,856 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2007-10-24 00:47:40 24,584 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 11:17:02 24,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2007-10-24 00:47:40 89,096 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 11:17:02 88,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2007-10-24 00:47:36 144,896 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 11:16:58 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2007-10-24 00:47:40 53,248 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 11:17:00 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2007-10-24 00:47:40 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 11:17:00 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2007-10-24 00:47:46 61,952 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 11:17:06 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2007-10-24 00:47:42 16,896 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 11:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2007-10-24 00:47:40 119,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 11:17:00 118,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2007-10-24 00:47:44 95,232 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 11:17:04 95,232 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-10-24 00:47:40 392,696 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 11:17:02 392,184 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2007-10-24 00:47:40 110,592 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 11:17:02 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-10-24 00:47:42 425,984 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 11:17:02 425,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2007-10-24 00:47:40 81,920 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 11:17:00 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-10-24 00:47:40 3,036,160 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-07-25 11:17:00 2,933,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2007-10-24 00:47:40 483,840 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 11:17:02 486,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-10-24 00:47:40 741,376 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-07-25 11:17:02 745,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2007-10-24 00:47:28 933,888 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 11:16:46 970,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2007-10-24 00:47:40 5,070,848 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 11:17:00 5,062,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2007-10-24 00:47:40 401,408 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 11:17:00 401,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2007-10-24 00:47:40 188,416 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 11:17:02 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-10-24 00:47:40 3,076,096 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 11:17:00 3,149,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2007-10-24 00:47:40 81,920 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 11:17:00 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-10-24 00:47:40 630,784 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 11:17:00 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-10-24 00:47:40 258,048 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 11:17:02 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-10-24 00:47:40 57,392 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 11:17:02 57,392 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-10-24 00:47:40 113,664 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 11:17:02 113,664 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-10-24 00:47:40 372,736 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 11:17:00 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2007-10-24 00:47:40 258,048 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 11:17:00 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-10-24 00:47:40 299,008 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 11:17:00 303,104 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2007-10-24 00:47:40 131,072 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 11:17:00 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-10-24 00:47:40 258,048 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 11:17:00 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2007-10-24 00:47:40 114,688 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 11:17:00 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-10-24 00:47:40 261,120 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 11:17:02 261,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-10-24 00:47:40 5,431,296 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 11:17:00 5,238,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2007-10-24 00:47:40 884,736 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 11:17:02 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2007-10-24 00:47:40 90,112 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 11:17:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2007-10-24 00:47:40 839,680 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 11:17:00 839,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-10-24 00:47:40 5,013,504 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-07-25 11:17:00 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2007-10-24 00:47:40 2,068,480 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 11:17:00 2,048,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2007-10-24 00:47:40 81,400 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 11:17:02 81,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-10-24 00:47:48 1,172,472 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-07-25 11:17:10 1,172,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2007-10-24 00:47:20 1,344,000 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 11:16:38 1,344,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-10-24 00:47:22 434,688 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 11:16:40 438,272 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2007-10-24 00:47:40 37,896 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 11:17:02 37,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-29 19:16:38 168,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-07-29 19:24:50 881,664 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 19:16:38 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 19:16:38 163,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 19:16:38 11,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-29 19:16:38 156,688 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 19:16:38 20,504 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 19:16:38 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 19:16:38 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 19:16:38 966,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 19:16:38 5,931,008 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-29 19:16:38 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 19:16:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 19:16:38 152,576 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 19:32:52 17,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 21:10:04 806,928 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-29 21:10:04 4,883,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-07-29 21:10:04 2,637,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-29 21:10:04 71,160 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 19:59:58 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 21:10:04 46,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 19:59:58 132,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-29 20:35:46 864,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-29 19:59:58 1,738,760 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-29 23:40:48 168,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-29 23:40:48 233,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-29 23:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 23:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 23:40:48 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 23:40:48 1,548,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-07-29 23:40:48 78,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 23:40:48 95,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 23:15:24 225,490 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-29 18:47:34 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 18:47:34 276,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-29 18:47:34 1,064,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-29 18:47:34 177,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 18:47:34 269,304 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 18:47:34 113,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 18:47:34 84,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 18:47:34 125,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 18:47:34 126,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 18:47:34 130,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 18:47:34 137,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 18:47:34 122,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 18:47:34 133,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 18:47:34 111,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 18:47:34 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 18:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 18:47:34 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 18:47:34 94,720 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 18:47:34 129,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 18:47:34 121,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 18:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 18:47:34 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 18:47:34 123,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 18:47:34 121,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 18:47:34 121,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 18:47:34 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 18:47:34 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 18:47:34 131,584 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 18:47:34 110,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 18:47:34 1,364,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 18:47:34 1,054,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 18:47:34 632,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2008-07-29 18:47:34 413,184 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 18:47:34 689,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 18:47:34 102,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 18:47:34 89,592 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 18:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 18:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 18:47:34 111,608 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 18:47:34 113,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 18:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 18:47:34 112,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 18:47:34 101,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 18:47:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 18:47:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 18:47:34 95,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 18:47:34 92,664 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 18:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 18:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 18:47:34 109,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 18:47:34 107,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 18:47:34 107,000 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 18:47:34 105,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 18:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 18:47:34 89,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 18:47:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 18:47:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 18:47:34 107,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 18:47:34 984,056 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 23:40:48 802,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 23:40:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 23:40:48 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-29 23:40:48 91,136 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-29 23:40:48 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-29 23:40:48 1,720,824 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 23:40:48 196,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-29 23:40:48 70,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 08:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 08:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2007-10-24 00:47:28 96,760 ----a-w c:\windows\system32\dfshim.dll
+ 2008-07-25 11:16:46 96,760 ----a-w c:\windows\system32\dfshim.dll
+ 2008-07-29 21:10:04 73,720 ----a-w c:\windows\system32\dxva2.dll
+ 2008-07-29 21:10:04 493,048 ----a-w c:\windows\system32\evr.dll
- 2008-10-20 01:09:18 142,032 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-09 11:01:38 140,440 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2001-09-05 21:00:58 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
+ 2008-07-29 19:24:50 622,080 ----a-w c:\windows\system32\icardagt.exe
+ 2008-07-29 19:24:50 11,264 ----a-w c:\windows\system32\icardres.dll
+ 2008-07-29 19:24:50 97,800 ----a-w c:\windows\system32\infocardapi.dll
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
+ 2008-10-26 13:23:12 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-10-24 00:47:38 282,112 ----a-w c:\windows\system32\mscoree.dll
+ 2008-07-25 11:16:58 282,112 ----a-w c:\windows\system32\mscoree.dll
- 2007-10-24 00:47:38 158,720 -c--a-w c:\windows\system32\mscorier.dll
+ 2008-07-25 11:16:58 158,720 ----a-w c:\windows\system32\mscorier.dll
- 2007-10-24 00:47:38 84,480 ----a-w c:\windows\system32\mscories.dll
+ 2008-07-25 11:16:58 83,968 ----a-w c:\windows\system32\mscories.dll
- 2007-10-24 00:47:44 15,360 -c--a-w c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 11:17:04 15,360 ----a-w c:\windows\system32\mui\0409\mscorees.dll
- 2008-10-07 17:06:14 59,780 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-04 22:39:47 67,312 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-07 17:06:14 397,560 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-04 22:39:47 432,356 ----a-w c:\windows\system32\perfh009.dat
+ 2008-07-29 19:59:58 105,016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2008-07-29 20:35:46 326,160 ----a-w c:\windows\system32\PresentationHost.exe
+ 2008-07-29 19:59:58 43,544 ----a-w c:\windows\system32\PresentationHostProxy.dll
+ 2008-07-29 19:59:58 781,344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
+ 2006-08-24 16:15:06 150,808 ----a-w c:\windows\system32\rgb9rast_2.dll
+ 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2008-07-06 12:06:10 198,656 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2008-07-06 12:06:10 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2008-07-06 12:06:10 744,960 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2008-03-13 04:52:36 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2008-07-06 12:06:10 89,088 ----a-w c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2008-07-06 10:50:03 597,504 ------w c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2008-07-06 12:06:10 147,456 ----a-w c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2008-07-06 12:06:10 748,032 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2008-07-06 17:36:12 2,936,832 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2008-07-06 12:06:10 748,032 ----a-w c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2008-07-06 17:36:12 2,936,832 ----a-w c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2008-07-29 21:10:04 26,112 ----a-w c:\windows\system32\TsWpfWrp.exe
+ 2008-07-29 19:59:58 161,296 ----a-w c:\windows\system32\UIAutomationCore.dll
+ 2008-07-29 21:26:06 301,568 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe
- 2008-10-20 12:22:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6cc.dat
+ 2008-11-11 09:14:29 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6cc.dat
- 2008-04-17 02:10:16 8,192 -c--a-w c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-11-04 22:31:14 8,192 ----a-w c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-07-25 11:17:20 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-25 11:17:20 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 11:17:20 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2007-11-06 20:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-07 01:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 01:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
- 2008-04-17 02:10:49 258,048 -c--a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-11-04 22:31:47 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-17 02:10:49 113,664 -c--a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-11-04 22:31:47 113,664 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-06-19 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"c:\\Games\\SwiftSwitch\\SwiftSwitch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Games\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys [ ]
S1 sbpcint4;SB PCI128;c:\windows\system32\DRIVERS\sbpcint4.sys [ ]
S3 BAGNP;BAGNP;c:\docume~1\MBI\LOCALS~1\Temp\BAGNP.exe [ ]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S4 KHGCCI;KHGCCI;c:\docume~1\MBI\LOCALS~1\Temp\KHGCCI.exe [ ]
S4 KPKXTQY;KPKXTQY;c:\docume~1\MBI\LOCALS~1\Temp\KPKXTQY.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69c9872-185b-11dd-b80d-806d6172696f}]
\Shell\AutoRun\command - F:\Launch.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\MBI\Application Data\Mozilla\Firefox\Profiles\irz4lwdy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Virtual Earth 3D\npVE3D.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 21:33:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-11-11 21:37:03
ComboFix-quarantined-files.txt 2008-11-11 21:36:16
ComboFix2.txt 2008-10-20 12:55:38
ComboFix3.txt 2008-10-18 16:31:57

Pre-Run: 28,335,316,992 bytes free
Post-Run: 28,517,818,368 bytes free

962 --- E O F --- 2008-11-11 07:29:49

LIST OF PROBLEMS THAT STILL NEED TO BE FIXED

1. Inevitable updates for my Windows cannot be installed, whether manually, automatically, or before Windows shutdown. In my Pandascan log there is a list of vulnerabilities; I've checked some of them and they lead to this problem.

2. I am getting an error when I shut down the computer. I don't remember its name, so I'll edit this post and write it down next time I start my computer.

3. My Java is not working well; it takes too much processor usage. I will try to reinstall it, and if that doesn't solve the problem, I'll tell you.


FRESH RSIT LOG

Logfile of random's system information tool 1.04 (written by random/random)
Run by MBI at 2008-11-11 21:56:34
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (37%) free of 74 GB
Total RAM: 1279 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:01, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\MRT\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\MBI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programy\YouTube Video Converter\upod_link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BAGNP - Unknown owner - C:\DOCUME~1\MBI\LOCALS~1\Temp\BAGNP.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 5340 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-05 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WebEye\WebEye.exe"="C:\Program Files\WebEye\WebEye.exe:*:Enabled:SocketAPI"
"C:\Games\SwiftSwitch\SwiftSwitch.exe"="C:\Games\SwiftSwitch\SwiftSwitch.exe:*:Enabled:Utility for RuneScape"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Games\FlatOut2\FlatOut2.exe"="C:\Games\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69c9872-185b-11dd-b80d-806d6172696f}]
shell\AutoRun\command - F:\Launch.exe


======List of files/folders created in the last 3 months======

2008-11-11 21:37:04 ----A---- C:\ComboFix.txt
2008-11-11 09:16:58 ----D---- C:\WINDOWS\LastGood
2008-11-07 19:11:18 ----SHD---- C:\Config.Msi
2008-11-07 18:50:58 ----D---- C:\Fotky
2008-11-07 16:06:06 ----RASHD---- C:\autorun.inf
2008-11-04 22:59:53 ----D---- C:\Program Files\CCleaner
2008-11-04 22:49:38 ----D---- C:\Documents and Settings\MBI\Application Data\uniblue
2008-11-04 22:48:26 ----D---- C:\Program Files\Uniblue
2008-11-04 22:38:16 ----D---- C:\WINDOWS\system32\XPSViewer
2008-11-04 22:38:04 ----D---- C:\Program Files\MSBuild
2008-11-04 22:37:36 ----D---- C:\Program Files\Reference Assemblies
2008-11-04 22:35:52 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2008-11-04 22:35:52 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2008-11-04 22:35:52 ----N---- C:\WINDOWS\system32\prntvpt.dll
2008-11-04 18:36:51 ----D---- C:\Program Files\Common Files\Macromedia
2008-11-04 18:36:39 ----D---- C:\Program Files\Macromedia
2008-11-04 18:36:39 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-11-02 01:19:46 ----D---- C:\_OTMoveIt
2008-10-30 23:43:31 ----D---- C:\Program Files\Panda Security
2008-10-27 19:14:25 ----D---- C:\Program Files\ERUNT
2008-10-26 17:49:01 ----D---- C:\Program Files\Virtual Earth 3D
2008-10-26 03:19:59 ----D---- C:\rsit
2008-10-23 15:07:35 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-23 15:07:26 ----D---- C:\Program Files\Security Task Manager
2008-10-20 20:46:41 ----D---- C:\PictureProject
2008-10-20 12:45:37 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-19 18:01:08 ----D---- C:\Program Files\Microsoft Games
2008-10-18 21:56:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-18 17:26:53 ----HDC---- C:\WINDOWS\ie8
2008-10-18 17:13:15 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-18 16:32:06 ----D---- C:\WINDOWS\temp
2008-10-18 15:53:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-18 15:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2008-10-18 15:16:00 ----A---- C:\WINDOWS\zip.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\VFIND.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\SWSC.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\SWREG.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\sed.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\grep.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\fdsv.exe
2008-10-18 15:15:48 ----D---- C:\WINDOWS\ERDNT
2008-10-18 15:15:48 ----D---- C:\Qoobox
2008-10-18 14:53:57 ----SHD---- C:\WINDOWS\CSC
2008-10-18 01:12:15 ----D---- C:\Documents and Settings\MBI\Application Data\Malwarebytes
2008-10-18 01:12:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 01:12:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-16 10:31:44 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-10-16 10:31:40 ----D---- C:\Program Files\Sygate
2008-10-15 16:04:52 ----A---- C:\WINDOWS\system32\RootkitReveal.txt
2008-10-15 12:13:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-15 12:13:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 01:28:24 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-15 01:27:39 ----D---- C:\MRT
2008-10-14 22:30:36 ----A---- C:\RootkitReveal.txt
2008-10-08 15:22:11 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-08 15:22:11 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-08 15:22:11 ----A---- C:\WINDOWS\system32\java.exe
2008-10-07 19:26:06 ----N---- C:\WINDOWS\avrack.ini
2008-10-07 19:03:37 ----A---- C:\WINDOWS\SBWIN.INI
2008-10-07 19:03:31 ----A---- C:\WINDOWS\system32\MFCUIA32.DLL
2008-10-07 19:03:31 ----A---- C:\WINDOWS\system32\MFCANS32.DLL
2008-10-07 19:03:31 ----A---- C:\WINDOWS\CTRES.DLL
2008-10-07 19:03:30 ----A---- C:\WINDOWS\system32\CTWFLT32.DLL
2008-10-07 19:03:30 ----A---- C:\WINDOWS\system32\CTL3D.DLL
2008-10-07 19:03:30 ----A---- C:\WINDOWS\CTCCW.DLL
2008-10-07 19:03:19 ----A---- C:\WINDOWS\uninst.exe
2008-10-07 19:01:30 ----D---- C:\Program Files\Creative
2008-10-07 18:25:42 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-07 18:25:41 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-07 17:04:10 ----D---- C:\WINDOWS\Prefetch
2008-10-07 16:42:35 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-07 16:11:58 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-07 16:11:58 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-07 16:11:29 ----RA---- C:\WINDOWS\SET213.tmp
2008-10-07 16:11:24 ----RA---- C:\WINDOWS\SET207.tmp
2008-10-07 16:11:21 ----RA---- C:\WINDOWS\SET204.tmp
2008-10-07 15:41:05 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-10-07 15:06:09 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-07 15:05:53 ----A---- C:\rapport.txt
2008-10-07 14:54:44 ----D---- C:\Program Files\Trend Micro
2008-10-06 21:16:15 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-06 20:30:02 ----D---- C:\SDFix
2008-10-06 11:25:44 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-06 10:47:37 ----D---- C:\Program Files\Alwil Software
2008-09-29 01:45:21 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-09-29 01:45:21 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-29 01:45:19 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-09-29 01:45:18 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-09-29 01:45:18 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-29 01:45:16 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-09-29 01:45:14 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-09-29 01:45:14 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-29 01:45:12 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-09-29 01:45:10 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-29 01:45:08 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-09-29 01:45:08 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-29 01:45:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-09-29 01:45:04 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-09-29 01:45:03 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-09-29 01:45:02 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-09-29 01:45:00 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-09-29 01:45:00 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-09-29 01:44:57 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-09-29 01:44:53 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-09-29 01:44:47 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-09-29 01:44:38 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-09-29 01:43:28 ----HD---- C:\WINDOWS\msdownld.tmp
2008-09-29 01:43:04 ----D---- C:\WINDOWS\Logs
2008-09-29 00:52:29 ----D---- C:\WINDOWS\nvidia icons
2008-09-29 00:50:07 ----D---- C:\NVIDIA
2008-09-29 00:10:03 ----D---- C:\WINDOWS\system32\scripting
2008-09-29 00:10:03 ----D---- C:\WINDOWS\l2schemas
2008-09-29 00:10:02 ----D---- C:\WINDOWS\system32\en
2008-09-29 00:10:01 ----D---- C:\WINDOWS\system32\bits
2008-09-29 00:05:07 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-24 19:26:46 ----D---- C:\Program Files\Alex Buturuga
2008-09-10 05:54:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-05 16:50:26 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-05 16:50:18 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-05 16:50:13 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-05 16:50:13 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-05 16:49:43 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-05 16:49:43 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-05 16:49:27 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-05 16:49:24 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-05 16:49:22 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slserv.exe
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slgen.dll
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-09-05 16:49:22 ----A---- C:\WINDOWS\slrundll.exe
2008-09-05 16:49:13 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-05 16:49:08 ----A---- C:\WINDOWS\system32\s3gnb.dll
2008-09-05 16:49:05 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-05 16:49:03 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-05 16:49:01 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-05 16:48:59 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-05 16:48:59 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-05 16:48:59 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-05 16:48:55 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-05 16:48:50 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-05 16:48:31 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-05 16:48:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-05 16:48:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-05 16:48:30 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-05 16:48:24 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-05 16:48:24 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-05 16:47:49 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-05 16:47:49 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-05 16:47:49 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-05 16:47:48 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-05 16:47:25 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-05 16:47:23 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-05 16:47:21 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-05 16:47:20 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-05 16:47:20 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-05 16:47:20 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-05 16:46:50 ----A---- C:\WINDOWS\system32\smtpapi.dll
2008-09-05 16:46:50 ----A---- C:\WINDOWS\system32\rwnh.dll
2008-09-05 16:46:46 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-05 16:46:36 ----A---- C:\WINDOWS\003034_.tmp
2008-09-05 16:46:35 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-05 16:46:33 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-05 16:46:33 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-05 16:46:28 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-05 16:46:28 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-05 16:46:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-05 16:46:23 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-05 16:46:14 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-05 16:46:14 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-05 16:46:13 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-05 16:46:13 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-05 16:46:12 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-09-05 16:46:12 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-05 16:46:11 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-05 16:46:11 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-05 16:46:11 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-05 16:46:05 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-22 02:05:00 ----N---- C:\WINDOWS\system32\PrivacIE.dll
2008-08-12 22:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-12 22:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-12 22:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-12 22:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-12 22:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$

======List of files/folders modified in the last 3 months======

2008-11-11 21:37:11 ----D---- C:\WINDOWS\system32
2008-11-11 21:37:06 ----D---- C:\WINDOWS
2008-11-11 21:33:36 ----A---- C:\WINDOWS\system.ini
2008-11-11 21:32:26 ----D---- C:\WINDOWS\system32\drivers
2008-11-11 21:32:25 ----D---- C:\WINDOWS\AppPatch
2008-11-11 21:32:25 ----D---- C:\Program Files\Common Files
2008-11-11 21:29:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-11 17:08:21 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-11 09:26:59 ----HD---- C:\WINDOWS\inf
2008-11-11 09:24:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-11 09:14:59 ----D---- C:\Program Files\Mozilla Firefox
2008-11-10 16:43:51 ----D---- C:\Program Files\SwiftKit
2008-11-10 12:30:21 ----D---- C:\Documents and Settings\MBI\Application Data\OpenOffice.org2
2008-11-07 19:47:54 ----D---- C:\Lio King
2008-11-07 19:20:30 ----RD---- C:\Program Files
2008-11-07 19:20:10 ----SHD---- C:\WINDOWS\Installer
2008-11-07 19:19:20 ----D---- C:\Documents and Settings\MBI\Application Data\Corel
2008-11-07 19:18:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-07 19:14:42 ----RSD---- C:\WINDOWS\Fonts
2008-11-07 19:07:50 ----D---- C:\WINDOWS\system32\Macromed
2008-11-07 19:07:45 ----D---- C:\Documents and Settings\MBI\Application Data\Macromedia
2008-11-07 19:03:56 ----D---- C:\MBI
2008-11-07 19:03:23 ----RD---- C:\Downloads
2008-11-05 08:25:13 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-05 08:25:06 ----RSD---- C:\WINDOWS\assembly
2008-11-05 06:44:32 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-04 23:08:39 ----D---- C:\WINDOWS\Debug
2008-11-04 23:08:38 ----D---- C:\WINDOWS\Minidump
2008-11-04 22:45:26 ----D---- C:\WINDOWS\SxsCaPendDel
2008-11-04 22:39:47 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-04 22:38:07 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 22:36:54 ----D---- C:\WINDOWS\system32\spool
2008-11-04 22:36:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-04 22:31:47 ----D---- C:\WINDOWS\WinSxS
2008-11-04 22:29:52 ----D---- C:\WINDOWS\system32\mui
2008-11-04 22:29:45 ----D---- C:\Program Files\Internet Explorer
2008-11-04 18:35:33 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-01 17:13:47 ----D---- C:\Documents and Settings\MBI\Application Data\Skype
2008-11-01 17:13:18 ----D---- C:\Documents and Settings\MBI\Application Data\skypePM
2008-10-27 00:40:26 ----D---- C:\WINDOWS\security
2008-10-26 17:50:59 ----SD---- C:\Documents and Settings\MBI\Application Data\Microsoft
2008-10-24 16:13:51 ----AC---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2008-10-20 12:33:08 ----SHD---- C:\System Volume Information
2008-10-20 12:33:08 ----D---- C:\WINDOWS\system32\Restore
2008-10-18 22:04:24 ----D---- C:\INSTALL
2008-10-18 21:44:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 18:27:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-18 18:27:18 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-18 17:31:30 ----D---- C:\WINDOWS\Media
2008-10-18 17:31:30 ----D---- C:\WINDOWS\Help
2008-10-18 16:17:16 ----D---- C:\WINDOWS\system32\config
2008-10-18 15:56:58 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-18 15:17:57 ----RASH---- C:\boot.ini
2008-10-18 14:56:35 ----D---- C:\Programy
2008-10-18 14:54:07 ----D---- C:\Documents and Settings
2008-10-18 00:00:58 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-18 00:00:10 ----D---- C:\Program Files\SwiftSwitch
2008-10-17 23:58:35 ----D---- C:\Program Files\Java
2008-10-14 10:50:17 ----AC---- C:\WINDOWS\CDSEDB01.INI
2008-10-08 15:22:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-07 19:26:25 ----D---- C:\WINDOWS\system
2008-10-07 19:26:08 ----D---- C:\Program Files\AvRack
2008-10-07 18:43:53 ----AC---- C:\WINDOWS\RtlRack.ini
2008-10-07 18:37:34 ----D---- C:\Program Files\Codec Pack - All In 1
2008-10-07 18:37:05 ----A---- C:\WINDOWS\iun6002.exe
2008-10-07 18:26:09 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-07 18:25:15 ----D---- C:\Program Files\Windows Media Player
2008-10-07 17:06:48 ----D---- C:\WINDOWS\system32\Setup
2008-10-07 17:06:32 ----D---- C:\WINDOWS\system32\usmt
2008-10-07 17:06:02 ----D---- C:\WINDOWS\mui
2008-10-07 17:06:02 ----D---- C:\WINDOWS\ehome
2008-10-07 17:06:00 ----D---- C:\WINDOWS\ime
2008-10-07 17:05:56 ----D---- C:\WINDOWS\Registration
2008-10-07 17:05:41 ----D---- C:\WINDOWS\PeerNet
2008-10-07 17:05:22 ----D---- C:\WINDOWS\system32\npp
2008-10-07 17:05:11 ----D---- C:\WINDOWS\msagent
2008-10-07 17:00:49 ----D---- C:\WINDOWS\twain_32
2008-10-07 16:59:33 ----D---- C:\WINDOWS\system32\icsxml
2008-10-07 16:58:44 ----D---- C:\WINDOWS\system32\1033
2008-10-07 16:57:16 ----D---- C:\WINDOWS\Driver Cache
2008-10-07 16:52:29 ----D---- C:\WINDOWS\system32\oobe
2008-10-07 16:52:29 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-07 16:52:25 ----D---- C:\WINDOWS\nview
2008-10-07 16:49:24 ----D---- C:\Program Files\Movie Maker
2008-10-07 16:49:09 ----D---- C:\Program Files\Outlook Express
2008-10-07 16:49:08 ----D---- C:\Program Files\Common Files\System
2008-10-07 16:48:39 ----D---- C:\WINDOWS\srchasst
2008-10-07 16:48:11 ----D---- C:\Program Files\NetMeeting
2008-10-07 16:43:29 ----D---- C:\WINDOWS\system32\ias
2008-10-07 16:42:42 ----AC---- C:\WINDOWS\ODBCINST.INI
2008-10-07 16:42:40 ----RD---- C:\WINDOWS\Web
2008-10-07 16:42:24 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-07 16:40:02 ----D---- C:\WINDOWS\system32\Com
2008-10-07 16:39:13 ----D---- C:\WINDOWS\system32\wbem
2008-10-07 16:38:49 ----D---- C:\Program Files\Windows NT
2008-10-07 16:11:42 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-07 11:19:42 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-06 20:05:15 ----A---- C:\WINDOWS\DUMP4cd7.tmp
2008-10-06 20:00:35 ----A---- C:\WINDOWS\DUMP5b2f.tmp
2008-10-06 19:59:18 ----A---- C:\WINDOWS\DUMP5ad2.tmp
2008-10-06 10:30:51 ----D---- C:\Program Files\ICQToolbar
2008-09-30 17:02:18 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-30 17:02:08 ----D---- C:\Program Files\Google
2008-09-29 20:38:48 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-29 11:03:06 ----D---- C:\Games
2008-09-29 01:45:24 ----D---- C:\WINDOWS\system32\DirectX
2008-09-29 00:51:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-29 00:16:36 ----D---- C:\Program Files\Messenger
2008-09-29 00:10:26 ----D---- C:\WINDOWS\network diagnostic
2008-09-25 23:15:55 ----D---- C:\Program Files\ICQ6
2008-09-13 08:29:15 ----D---- C:\Documents and Settings\MBI\Application Data\ICQ
2008-08-22 02:15:56 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2008-08-22 02:14:40 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2008-08-22 02:10:34 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-08-22 02:09:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-22 02:08:22 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2008-08-22 02:08:22 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-22 02:08:08 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-22 02:08:06 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-22 02:08:00 ----A---- C:\WINDOWS\system32\licmgr10.dll
2008-08-22 02:07:58 ----A---- C:\WINDOWS\system32\url.dll
2008-08-22 02:07:50 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-22 02:07:50 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-22 02:07:08 ----A---- C:\WINDOWS\system32\corpol.dll
2008-08-22 02:06:58 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-22 02:06:44 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-22 02:06:40 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-22 02:06:36 ----A---- C:\WINDOWS\system32\vbscript.dll
2008-08-22 02:06:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-22 02:06:30 ----A---- C:\WINDOWS\system32\jscript.dll
2008-08-22 02:06:30 ----A---- C:\WINDOWS\system32\admparse.dll
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\iesetup.dll
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-22 02:06:20 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-22 02:06:16 ----A---- C:\WINDOWS\system32\inseng.dll
2008-08-22 02:06:16 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-22 02:06:02 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-22 02:05:48 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-22 02:05:34 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-22 02:05:24 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-08-22 02:05:22 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2008-08-22 02:05:22 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-22 02:05:20 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-22 02:05:16 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-22 02:05:14 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-22 02:05:14 ----A---- C:\WINDOWS\system32\imgutil.dll
2008-08-22 02:05:10 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-22 02:05:08 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-22 02:05:00 ----A---- C:\WINDOWS\system32\mshtmler.dll
2008-08-22 02:04:54 ----A---- C:\WINDOWS\system32\mshta.exe
2008-08-22 01:58:12 ----A---- C:\WINDOWS\system32\ieui.dll
2008-08-22 01:57:56 ----A---- C:\WINDOWS\system32\msls31.dll
2008-08-22 01:42:22 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-12 22:03:52 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-05-16 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-05-16 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-08-10 204672]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 ensqio;ensqio; C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 sbpcint4;SB PCI128; C:\WINDOWS\system32\DRIVERS\sbpcint4.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-07 404608]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-05 460864]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S2 StarWindServiceAE;StarWind AE Service; C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 BAGNP;BAGNP; C:\DOCUME~1\MBI\LOCALS~1\Temp\BAGNP.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 KHGCCI;KHGCCI; C:\DOCUME~1\MBI\LOCALS~1\Temp\KHGCCI.exe []
S4 KPKXTQY;KPKXTQY; C:\DOCUME~1\MBI\LOCALS~1\Temp\KPKXTQY.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]

-----------------EOF-----------------

Edited by DJohn, 11 November 2008 - 05:03 PM.



#32 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:30 AM

Posted 11 November 2008 - 05:20 PM

Hi DJohn.

No problem. Give me some time to look over your log and show my coach.

Also I see that you didn't install the Recovery Console and you didn't run Combofix from your desktop.

Strange thing is that I saw you have Recovery Console before anyways.

Let's make the instructions more clear this time. Delete the Combofix.exe you currently have as it has been 5 days.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Post back with:
- ComboFix log

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#33 DJohn

DJohn
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Motherwell
  • Local time:02:30 PM

Posted 11 November 2008 - 07:28 PM

Here is the ComboFix log you asked for. I just can't figure out the importance of having it saved on the desktop...

ComboFix 08-11-10.01 - MBI 2008-11-12 0:19:35.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.890 [GMT 0:00]
Running from: c:\documents and settings\MBI\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-12 00:18 . 2008-11-12 00:18 <DIR> d-------- c:\windows\LastGood
2008-11-11 20:09 . 2008-11-11 20:09 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-11 20:09 . 2008-11-11 20:09 1,409 --a------ c:\windows\QTFont.for
2008-11-07 18:50 . 2008-11-07 18:58 <DIR> d-------- C:\Fotky
2008-11-04 22:59 . 2008-11-04 22:59 <DIR> d-------- c:\program files\CCleaner
2008-11-04 22:49 . 2008-11-04 22:49 <DIR> d-------- c:\documents and settings\MBI\Application Data\uniblue
2008-11-04 22:48 . 2008-11-04 22:48 <DIR> d-------- c:\program files\Uniblue
2008-11-04 22:38 . 2008-11-04 22:38 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-04 22:38 . 2008-11-04 22:38 <DIR> d-------- c:\program files\MSBuild
2008-11-04 22:37 . 2008-11-04 22:37 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-04 22:35 . 2008-07-06 12:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-04 22:35 . 2008-07-06 12:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-04 22:35 . 2008-07-06 10:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-04 22:35 . 2008-07-06 12:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-04 22:35 . 2008-07-06 12:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-04 22:35 . 2008-07-06 12:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-04 22:35 . 2008-07-06 12:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-04 18:36 . 2008-11-04 18:36 <DIR> d-------- c:\program files\Macromedia
2008-11-04 18:36 . 2008-11-04 18:36 <DIR> d-------- c:\program files\Common Files\Macromedia
2008-11-02 01:19 . 2008-11-02 01:19 <DIR> d-------- C:\_OTMoveIt
2008-10-30 23:44 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-10-30 23:43 . 2008-10-30 23:43 <DIR> d-------- c:\program files\Panda Security
2008-10-27 19:14 . 2008-10-27 19:14 <DIR> d-------- c:\program files\ERUNT
2008-10-26 17:49 . 2008-10-26 17:49 <DIR> d-------- c:\program files\Virtual Earth 3D
2008-10-26 03:19 . 2008-10-26 03:21 <DIR> d-------- C:\rsit
2008-10-23 15:07 . 2008-11-10 00:24 <DIR> d-------- c:\program files\Security Task Manager
2008-10-23 15:07 . 2008-11-10 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2008-10-20 20:46 . 2008-10-20 20:56 <DIR> d-------- C:\PictureProject
2008-10-19 18:01 . 2008-10-19 18:01 <DIR> d-------- c:\program files\Microsoft Games
2008-10-18 17:35 . 2008-10-18 17:35 <DIR> d--hs---- c:\documents and settings\MBI\PrivacIE
2008-10-18 17:26 . 2008-10-18 17:28 <DIR> d--h-c--- c:\windows\ie8
2008-10-18 17:13 . 2008-10-18 17:13 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-10-18 15:53 . 2008-10-18 15:53 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-10-18 14:54 . 2008-10-18 21:46 <DIR> d-------- c:\documents and settings\Administrator
2008-10-18 01:12 . 2008-10-18 01:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-18 01:12 . 2008-10-18 01:12 <DIR> d-------- c:\documents and settings\MBI\Application Data\Malwarebytes
2008-10-18 01:12 . 2008-10-18 01:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-18 01:12 . 2008-10-16 19:25 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-18 01:12 . 2008-10-16 19:25 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-16 10:31 . 2008-10-16 10:31 <DIR> d-------- c:\program files\Sygate
2008-10-16 10:31 . 2004-10-15 17:32 83,096 --a------ c:\windows\system32\SSSensor.dll
2008-10-16 10:31 . 2004-10-15 17:17 60,496 --a------ c:\windows\system32\drivers\Teefer.sys
2008-10-16 10:31 . 2004-10-15 17:18 21,075 --a------ c:\windows\system32\drivers\wpsdrvnt.sys
2008-10-16 10:31 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg6n.sys
2008-10-16 10:31 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg5n.sys
2008-10-16 10:31 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg4n.sys
2008-10-16 10:31 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg3n.sys
2008-10-15 12:13 . 2008-10-15 13:43 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-10-15 12:13 . 2008-11-04 23:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 01:28 . 2008-10-18 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-15 01:27 . 2008-11-12 00:10 <DIR> d-------- C:\MRT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 18:04 30 ----a-w c:\documents and settings\MBI\jagex_runescape_preferences.dat
2008-11-10 16:43 --------- d-----w c:\program files\SwiftKit
2008-11-10 12:30 --------- d-----w c:\documents and settings\MBI\Application Data\OpenOffice.org2
2008-11-07 19:19 --------- d-----w c:\documents and settings\MBI\Application Data\Corel
2008-11-01 17:13 --------- d-----w c:\documents and settings\MBI\Application Data\skypePM
2008-11-01 17:13 --------- d-----w c:\documents and settings\MBI\Application Data\Skype
2008-10-18 21:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-18 21:44 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-18 15:03 2,048 ----a-w c:\windows\system32\tmp.reg
2008-10-18 00:00 --------- d-----w c:\program files\SwiftSwitch
2008-10-18 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-17 23:58 --------- d-----w c:\program files\Java
2008-10-07 19:26 --------- d-----w c:\program files\AvRack
2008-10-07 19:03 --------- d-----w c:\program files\Creative
2008-10-07 18:37 737,280 ----a-w c:\windows\iun6002.exe
2008-10-07 18:37 --------- d-----w c:\program files\Codec Pack - All In 1
2008-10-07 14:54 --------- d-----w c:\program files\Trend Micro
2008-10-06 20:05 98,304 ----a-w c:\windows\DUMP4cd7.tmp
2008-10-06 20:00 98,304 ----a-w c:\windows\DUMP5b2f.tmp
2008-10-06 19:59 98,304 ----a-w c:\windows\DUMP5ad2.tmp
2008-10-06 11:25 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-06 10:47 --------- d-----w c:\program files\Alwil Software
2008-10-06 10:30 --------- d-----w c:\program files\ICQToolbar
2008-09-30 17:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-30 17:02 --------- d-----w c:\program files\Google
2008-09-29 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-29 12:15 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\ICQ Toolbar
2008-09-25 23:15 --------- d-----w c:\program files\ICQ6
2008-09-24 19:26 --------- d-----w c:\program files\Alex Buturuga
2008-09-21 07:31 88 --sh--r c:\documents and settings\All Users\Application Data\5A8963B446.sys
2008-09-21 07:31 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-09-20 12:54 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-09-20 12:54 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2008-09-13 08:29 --------- d-----w c:\documents and settings\MBI\Application Data\ICQ
2008-08-22 02:08 878,592 ----a-w c:\windows\system32\wininet.dll
2008-08-22 02:08 43,008 ----a-w c:\windows\system32\licmgr10.dll
2008-08-22 02:07 18,944 ----a-w c:\windows\system32\corpol.dll
2008-08-22 02:06 72,704 ----a-w c:\windows\system32\admparse.dll
2008-08-22 02:06 71,680 ----a-w c:\windows\system32\iesetup.dll
2008-08-22 02:06 434,176 ----a-w c:\windows\system32\vbscript.dll
2008-08-22 02:05 48,640 ------w c:\windows\system32\PrivacIE.dll
2008-08-22 02:05 48,128 ----a-w c:\windows\system32\mshtmler.dll
2008-08-22 02:05 35,840 ----a-w c:\windows\system32\imgutil.dll
2008-08-22 02:04 45,568 ----a-w c:\windows\system32\mshta.exe
2008-08-22 01:57 156,160 ----a-w c:\windows\system32\msls31.dll
2007-11-15 17:23 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-05 22:36 56 --sh--r c:\windows\system32\46B463895A.sys
2008-05-30 21:23 88 --sh--r c:\windows\system32\5A8963B446.sys
2008-05-30 21:23 3,350 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-11-11_21.35.19.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-12 00:14:16 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-06-19 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"c:\\Games\\SwiftSwitch\\SwiftSwitch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Games\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys [ ]
S1 sbpcint4;SB PCI128;c:\windows\system32\DRIVERS\sbpcint4.sys [ ]
S3 BAGNP;BAGNP;c:\docume~1\MBI\LOCALS~1\Temp\BAGNP.exe [ ]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S4 KHGCCI;KHGCCI;c:\docume~1\MBI\LOCALS~1\Temp\KHGCCI.exe [ ]
S4 KPKXTQY;KPKXTQY;c:\docume~1\MBI\LOCALS~1\Temp\KPKXTQY.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69c9872-185b-11dd-b80d-806d6172696f}]
\Shell\AutoRun\command - F:\Launch.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\MBI\Application Data\Mozilla\Firefox\Profiles\irz4lwdy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Virtual Earth 3D\npVE3D.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 00:21:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\explorer.exe
-> c:\windows\system32\nview.dll
.
Completion time: 2008-11-12 0:25:26
ComboFix-quarantined-files.txt 2008-11-12 00:24:19
ComboFix2.txt 2008-10-20 12:55:38
ComboFix3.txt 2008-10-18 16:31:57

Pre-Run: 28,112,117,760 bytes free
Post-Run: 28,118,003,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

217 --- E O F --- 2008-11-11 07:29:49

#34 extremeboy

Posted 13 November 2008 - 08:05 AM

Hi Djohn.

It looks like you have fewer problems now. One question: do you have the Alcohol/Starwind program installed? If not, I'll remove it, because I see remaining files/services of it left.

Those problems you were mentioning seemed to be related to hardware, not malware, to me.

Let's do some diagnosis though.

1. Inevitable updates for my Windows cannot be installed, whether manually, automatically, or before Windows shutdown. In my Pandascan log there is a list of vulnerabilities; I've checked some of them and they lead to this problem.

I had that problem before as well, but I fixed it with a tool called Dial-a-Fix. Maybe you want to try it out too?

Download and Run Dial-a-Fix

This program fixes many common problems in Windows.
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box.
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section.
  • When the window looks like this, press the GO button in the bottom of the window.
  • Exit/Close Dial-A-Fix
See if your Windows updates are okay now. You might want to reboot afterwards for the changes to take effect.

2. I am getting an error when I shut down the computer. I don't remember its name, so I'll edit this post and write it down the next time I start my computer.

Show me the error next time. Please don't edit your post, because I can overlook that sometimes.

3. My Java is not working well; it takes too much processor usage. I will try to reinstall it, and if that won't solve the problem, I'll tell you.

Okay, sure, no problem. Another suggestion would be to remove your Java and install another updated version. There aren't any security differences, so don't worry about that.

Update Java to Version 6 Update 10

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
Now, from looking at those logs, everything looks clean in fact.

Let's run a rootkit scan to make sure nothing is hidden, because I know from one of the logs in the beginning you had a rootkit (TDSSERV).

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also, do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important!: Please do not select the Show all checkbox during the scan.

Download and Run OTMoveIT3

I know you have downloaded OTMoveIT before, if you lost it you can find it below.
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :services
    BAGNP
    KHGCCI
    KPKXTQY
    vsdatant
    pavboot
    
    :files
    C:\DOCUME~1\MBI\LOCALS~1\Temp\BAGNP.exe 
    C:\Documents and Settings\All Users\Application Data\avg8
    c:\windows\system32\drivers\pavboot.sys 
    
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Post back with:
-OTMoveIT log
-GMER Log
-Fresh RSIT log
-Answers to my questions
-Problems you are still having.


With Regards,
Extremeboy

Edited by extremeboy, 13 November 2008 - 08:06 AM.
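
Most names in the `:services` list of the OTMoveIt3 script above correspond to entries in the ComboFix log earlier in the thread. The following Python script is an added example, not part of extremeboy's post and not code from any of the tools named: it parses those log lines and flags service entries whose image sits in a Temp directory, whose file metadata is empty, or whose registry ImagePath is empty. It assumes that ComboFix's empty `[ ]` means no file was found on disk; the rule names and function names are hypothetical, and `pavboot`, which the script also lists, is not matched by these rules.

```python
import re

# Sample input: service/driver lines and the catchme registry entry,
# copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys [ ]
S1 sbpcint4;SB PCI128;c:\windows\system32\DRIVERS\sbpcint4.sys [ ]
S3 BAGNP;BAGNP;c:\docume~1\MBI\LOCALS~1\Temp\BAGNP.exe [ ]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S4 KHGCCI;KHGCCI;c:\docume~1\MBI\LOCALS~1\Temp\KHGCCI.exe [ ]
S4 KPKXTQY;KPKXTQY;c:\docume~1\MBI\LOCALS~1\Temp\KPKXTQY.exe [ ]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
"""

# "<R|S><start type> <service name>;<display name>;<image path> [<date size>]"
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$"
)
# Registry section header for a service key, e.g. ...\Services\vsdatant
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\[^\\]+\\Services\\(?P<name>[^\]\\]+)\]$",
    re.IGNORECASE,
)
EMPTY_IMAGEPATH = re.compile(r'^"ImagePath"=""\s*$', re.IGNORECASE)
# A Temp/Tmp path component; also matches 8.3 forms like LOCALS~1\Temp\
TEMP_COMPONENT = re.compile(r"\\te?mp\\", re.IGNORECASE)

# Rules that indicate a service registration with nothing legitimate behind it.
STRONG_REASONS = {"image-in-temp", "empty-imagepath"}


def triage(log: str) -> dict[str, list[str]]:
    """Return {service name: [reasons]} for entries that deserve a look."""
    findings: dict[str, list[str]] = {}
    current_key = None  # service key whose values we are currently reading

    for raw in log.splitlines():
        line = raw.strip()

        svc = SERVICE_LINE.match(line)
        if svc:
            reasons = []
            if TEMP_COMPONENT.search(svc["path"]):
                reasons.append("image-in-temp")
            if not svc["meta"].strip():
                # Assumption: empty brackets mean the file was not found.
                reasons.append("file-missing")
            if reasons:
                findings.setdefault(svc["name"], []).extend(reasons)
            current_key = None
            continue

        key = SERVICE_KEY.match(line)
        if key:
            current_key = key["name"]
            continue

        if current_key and EMPTY_IMAGEPATH.match(line):
            findings.setdefault(current_key, []).append("empty-imagepath")

        # Registry values start with a quote; anything else ends the section.
        if not line.startswith('"'):
            current_key = None

    return findings


def removal_candidates(findings: dict[str, list[str]]) -> list[str]:
    """Services matched by at least one strong rule."""
    return sorted(n for n, r in findings.items() if STRONG_REASONS & set(r))


def review_only(findings: dict[str, list[str]]) -> list[str]:
    """Services that only have a missing file; check these by hand."""
    return sorted(n for n, r in findings.items() if not STRONG_REASONS & set(r))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in removal_candidates(result):
        print(f"candidate  {name:10} {', '.join(result[name])}")
    for name in review_only(result):
        print(f"review     {name:10} {', '.join(result[name])}")
```

Entries that only report a missing file in `system32\DRIVERS` are kept separate because a leftover driver registration from uninstalled hardware looks the same in the log.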


#35 DJohn

Posted 14 November 2008 - 12:24 PM

Hello, I did what you asked me to do - See below:

Post back with:
-OTMoveIT log


OTMoveIt log:

========== SERVICES/DRIVERS ==========
Service BAGNP stopped successfully.
Service BAGNP deleted successfully.
Service KHGCCI stopped successfully.
Service KHGCCI deleted successfully.
Service KPKXTQY stopped successfully.
Service KPKXTQY deleted successfully.
Service vsdatant stopped successfully.
Service vsdatant deleted successfully.
Unable to stop service pavboot .
========== FILES ==========
File/Folder C:\DOCUME~1\MBI\LOCALS~1\Temp\BAGNP.exe not found.
C:\Documents and Settings\All Users\Application Data\avg8\dumps moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8 moved successfully.
c:\windows\system32\drivers\pavboot.sys moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_13c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_62c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11142008_165350

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_13c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_62c.dat not found!
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\wb.vx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\wb.vx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\wb.vx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\wb.vx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
C:\Documents and Settings\MBI\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.

Post back with:

GMER log

//Note: Well, if all these are viruses, God help me.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-14 16:48:46
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF7519B30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB6F6D618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB6F6D4D4]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF75196F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB6F6D9B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB6F6D0AC]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF7519470]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB6F6D5AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB6F6CFEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB6F6D050]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF7519C50]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB6F6D6CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB6F6D68E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB6F6D80E]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF7519990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xF75198D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF7519D60]

---- Kernel code sections - GMER 1.0.14 ----

.text tcpip.sys!IPTransmit + 10B7 B712FCFA 6 Bytes CALL F7B10E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 24D9 B713111C 6 Bytes CALL F7B10E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 4662 B71332A5 6 Bytes CALL F7B10E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys BA7CD3FD 7 Bytes CALL F7B10FA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7B11C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7B11BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B11B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7B118E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7B118E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7B11BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7B11C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B11B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B11B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F7B118E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7B11BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7B11C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7B118E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7B11C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7B11BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7B11B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7B11C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7B118E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7B11BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B11B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7B118E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7B11BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7B11C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7B118E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B11B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7B11C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7B11BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device \Driver\aswTdi \Device\AswUdpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device \Driver\aswTdi \Device\ASWTDI wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A3A64D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A3A64D8
Device \Driver\atapi \Device\Ide\IdePort0 8A3A64D8
Device \Driver\atapi \Device\Ide\IdePort1 8A3A64D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A3A64D8
Device \Driver\aswTdi \Device\AswTcpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x99 0xC2 0xA0 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programy\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0x38 0x3B 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB4 0xDC 0x61 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x38 0x3E 0x7A 0x98 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programy\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0x38 0x3B 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB4 0xDC 0x61 0xAB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x99 0xC2 0xA0 0xB8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programy\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0x38 0x3B 0x45 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB4 0xDC 0x61 0xAB ...
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x99 0xC2 0xA0 0xB8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programy\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0x38 0x3B 0x45 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB4 0xDC 0x61 0xAB ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A692D51D-938F-2011-8E1C-98BB3F79E4C1}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A692D51D-938F-2011-8E1C-98BB3F79E4C1}@oailbfilajhnjgkeoelnobmmjdcffi 0x64 0x61 0x6A 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A692D51D-938F-2011-8E1C-98BB3F79E4C1}@oamibllhhhnaabfhhcnagjojjiljii 0x6A 0x61 0x69 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A692D51D-938F-2011-8E1C-98BB3F79E4C1}@nagmdellpaghfpcgjhdajjnlkbab 0x6B 0x61 0x69 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A692D51D-938F-2011-8E1C-98BB3F79E4C1}@eaembfhjle 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A692D51D-938F-2011-8E1C-98BB3F79E4C1}@cahlnh 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C393F94E-EB68-870D-4C0E-146F008A6447}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C393F94E-EB68-870D-4C0E-146F008A6447}@haakopkdfchgmacd 0x6E 0x61 0x64 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C393F94E-EB68-870D-4C0E-146F008A6447}@japjjannccchidlmabhe 0x6F 0x61 0x70 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C54DE90A-5A4E-9433-029E-371F8F555635}

---- EOF - GMER 1.0.14 ----

Post back with:

Fresh RSIT log

RSIT log

Logfile of random's system information tool 1.04 (written by random/random)
Run by MBI at 2008-11-14 17:00:35
Microsoft Windows XP Professional Service Pack 2
System drive C: has 26 GB (36%) free of 74 GB
Total RAM: 1279 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:04, on 11/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\MRT\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\MBI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programy\YouTube Video Converter\upod_link.HTM
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 6005 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-12 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-05 57344]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-12 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WebEye\WebEye.exe"="C:\Program Files\WebEye\WebEye.exe:*:Enabled:SocketAPI"
"C:\Games\SwiftSwitch\SwiftSwitch.exe"="C:\Games\SwiftSwitch\SwiftSwitch.exe:*:Enabled:Utility for RuneScape"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Games\FlatOut2\FlatOut2.exe"="C:\Games\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69c9872-185b-11dd-b80d-806d6172696f}]
shell\AutoRun\command - F:\Launch.exe


======List of files/folders created in the last 3 months======

2008-11-14 16:04:02 ----A---- C:\WINDOWS\gmer.ini
2008-11-14 16:04:01 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-14 16:04:00 ----A---- C:\WINDOWS\gmer.exe
2008-11-14 16:04:00 ----A---- C:\WINDOWS\gmer.dll
2008-11-13 15:24:25 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-12 11:24:27 ----D---- C:\Documents and Settings\MBI\Application Data\Opera
2008-11-12 11:24:12 ----D---- C:\Program Files\Opera
2008-11-12 02:18:28 ----SHD---- C:\RECYCLER
2008-11-12 01:34:50 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-12 01:34:50 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-12 01:34:50 ----A---- C:\WINDOWS\system32\java.exe
2008-11-12 01:34:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-12 01:16:55 ----D---- C:\WINDOWS\nview
2008-11-12 01:16:55 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-12 01:11:24 ----D---- C:\Program Files\SystemRequirementsLab
2008-11-12 01:02:14 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-11-12 00:25:28 ----A---- C:\ComboFix.txt
2008-11-12 00:17:16 ----A---- C:\Boot.bak
2008-11-12 00:16:53 ----RASHD---- C:\cmdcons
2008-11-07 18:50:58 ----D---- C:\Fotky
2008-11-07 16:06:06 ----RASHD---- C:\autorun.inf
2008-11-04 22:59:53 ----D---- C:\Program Files\CCleaner
2008-11-04 22:49:38 ----D---- C:\Documents and Settings\MBI\Application Data\uniblue
2008-11-04 22:48:26 ----D---- C:\Program Files\Uniblue
2008-11-04 22:38:16 ----D---- C:\WINDOWS\system32\XPSViewer
2008-11-04 22:38:04 ----D---- C:\Program Files\MSBuild
2008-11-04 22:37:36 ----D---- C:\Program Files\Reference Assemblies
2008-11-04 22:35:52 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2008-11-04 22:35:52 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2008-11-04 22:35:52 ----N---- C:\WINDOWS\system32\prntvpt.dll
2008-11-04 18:36:51 ----D---- C:\Program Files\Common Files\Macromedia
2008-11-04 18:36:39 ----D---- C:\Program Files\Macromedia
2008-11-04 18:36:39 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-11-02 01:19:46 ----D---- C:\_OTMoveIt
2008-10-30 23:43:31 ----D---- C:\Program Files\Panda Security
2008-10-27 19:14:25 ----D---- C:\Program Files\ERUNT
2008-10-26 17:49:01 ----D---- C:\Program Files\Virtual Earth 3D
2008-10-26 03:19:59 ----D---- C:\rsit
2008-10-23 15:07:35 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-23 15:07:26 ----D---- C:\Program Files\Security Task Manager
2008-10-20 20:46:41 ----D---- C:\PictureProject
2008-10-20 12:45:37 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-19 18:01:08 ----D---- C:\Program Files\Microsoft Games
2008-10-18 21:56:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-18 17:26:53 ----HDC---- C:\WINDOWS\ie8
2008-10-18 17:13:15 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-18 16:32:06 ----D---- C:\WINDOWS\temp
2008-10-18 15:53:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-18 15:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2008-10-18 15:16:00 ----A---- C:\WINDOWS\zip.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\VFIND.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\SWSC.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\SWREG.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\sed.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\grep.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\fdsv.exe
2008-10-18 15:15:48 ----D---- C:\WINDOWS\ERDNT
2008-10-18 15:15:48 ----D---- C:\Qoobox
2008-10-18 14:53:57 ----SHD---- C:\WINDOWS\CSC
2008-10-18 01:12:15 ----D---- C:\Documents and Settings\MBI\Application Data\Malwarebytes
2008-10-18 01:12:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 01:12:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-16 10:31:44 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-10-16 10:31:40 ----D---- C:\Program Files\Sygate
2008-10-15 16:04:52 ----A---- C:\WINDOWS\system32\RootkitReveal.txt
2008-10-15 12:13:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-15 12:13:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 01:28:24 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-15 01:27:39 ----D---- C:\MRT
2008-10-14 22:30:36 ----A---- C:\RootkitReveal.txt
2008-10-07 19:26:06 ----N---- C:\WINDOWS\avrack.ini
2008-10-07 19:03:37 ----A---- C:\WINDOWS\SBWIN.INI
2008-10-07 19:03:31 ----A---- C:\WINDOWS\system32\MFCUIA32.DLL
2008-10-07 19:03:31 ----A---- C:\WINDOWS\system32\MFCANS32.DLL
2008-10-07 19:03:31 ----A---- C:\WINDOWS\CTRES.DLL
2008-10-07 19:03:30 ----A---- C:\WINDOWS\system32\CTWFLT32.DLL
2008-10-07 19:03:30 ----A---- C:\WINDOWS\system32\CTL3D.DLL
2008-10-07 19:03:30 ----A---- C:\WINDOWS\CTCCW.DLL
2008-10-07 19:03:19 ----A---- C:\WINDOWS\uninst.exe
2008-10-07 19:01:30 ----D---- C:\Program Files\Creative
2008-10-07 18:25:42 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-07 18:25:41 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-07 17:04:10 ----D---- C:\WINDOWS\Prefetch
2008-10-07 16:42:35 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-07 16:11:58 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-07 16:11:58 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-07 16:11:29 ----RA---- C:\WINDOWS\SET213.tmp
2008-10-07 16:11:24 ----RA---- C:\WINDOWS\SET207.tmp
2008-10-07 16:11:21 ----RA---- C:\WINDOWS\SET204.tmp
2008-10-07 15:41:05 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-10-07 15:06:09 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-07 15:05:53 ----A---- C:\rapport.txt
2008-10-07 14:54:44 ----D---- C:\Program Files\Trend Micro
2008-10-06 20:30:02 ----D---- C:\SDFix
2008-10-06 11:25:44 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-06 10:47:37 ----D---- C:\Program Files\Alwil Software
2008-09-29 01:45:21 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-09-29 01:45:21 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-29 01:45:19 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-09-29 01:45:18 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-09-29 01:45:18 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-29 01:45:16 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-09-29 01:45:14 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-09-29 01:45:14 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-29 01:45:12 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-09-29 01:45:10 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-29 01:45:08 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-09-29 01:45:08 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-29 01:45:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-09-29 01:45:04 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-09-29 01:45:03 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-09-29 01:45:02 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-09-29 01:45:00 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-09-29 01:45:00 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-09-29 01:44:57 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-09-29 01:44:53 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-09-29 01:44:47 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-09-29 01:44:38 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-09-29 01:43:28 ----HD---- C:\WINDOWS\msdownld.tmp
2008-09-29 01:43:04 ----D---- C:\WINDOWS\Logs
2008-09-29 00:52:29 ----D---- C:\WINDOWS\nvidia icons
2008-09-29 00:50:07 ----D---- C:\NVIDIA
2008-09-29 00:10:03 ----D---- C:\WINDOWS\system32\scripting
2008-09-29 00:10:03 ----D---- C:\WINDOWS\l2schemas
2008-09-29 00:10:02 ----D---- C:\WINDOWS\system32\en
2008-09-29 00:10:01 ----D---- C:\WINDOWS\system32\bits
2008-09-29 00:05:07 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-24 19:26:46 ----D---- C:\Program Files\Alex Buturuga
2008-09-10 05:54:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-05 16:50:26 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-05 16:50:18 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-05 16:50:13 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-05 16:50:13 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-05 16:49:43 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-05 16:49:43 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-05 16:49:27 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-05 16:49:24 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-05 16:49:22 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slserv.exe
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slgen.dll
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-09-05 16:49:22 ----A---- C:\WINDOWS\slrundll.exe
2008-09-05 16:49:13 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-05 16:49:08 ----A---- C:\WINDOWS\system32\s3gnb.dll
2008-09-05 16:49:05 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-05 16:49:03 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-05 16:49:01 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-05 16:48:59 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-05 16:48:59 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-05 16:48:59 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-05 16:48:55 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-05 16:48:50 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-05 16:48:31 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-05 16:48:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-05 16:48:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-05 16:48:30 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-05 16:48:24 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-05 16:48:24 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-05 16:47:49 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-05 16:47:49 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-05 16:47:49 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-05 16:47:48 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-05 16:47:25 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-05 16:47:23 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-05 16:47:21 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-05 16:47:20 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-05 16:47:20 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-05 16:47:20 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-05 16:46:50 ----A---- C:\WINDOWS\system32\smtpapi.dll
2008-09-05 16:46:50 ----A---- C:\WINDOWS\system32\rwnh.dll
2008-09-05 16:46:46 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-05 16:46:36 ----A---- C:\WINDOWS\003034_.tmp
2008-09-05 16:46:35 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-05 16:46:33 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-05 16:46:33 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-05 16:46:28 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-05 16:46:28 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-05 16:46:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-05 16:46:23 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-05 16:46:14 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-05 16:46:14 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-05 16:46:13 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-05 16:46:13 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-05 16:46:12 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-09-05 16:46:12 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-05 16:46:11 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-05 16:46:11 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-05 16:46:11 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-05 16:46:05 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-22 02:05:00 ----N---- C:\WINDOWS\system32\PrivacIE.dll

======List of files/folders modified in the last 3 months======

2008-11-14 16:59:02 ----D---- C:\WINDOWS
2008-11-14 16:54:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-14 16:53:50 ----D---- C:\WINDOWS\system32\drivers
2008-11-14 16:03:18 ----HD---- C:\WINDOWS\inf
2008-11-14 07:24:13 ----D---- C:\Program Files\Mozilla Firefox
2008-11-13 19:44:32 ----A---- C:\WINDOWS\win.ini
2008-11-13 15:27:22 ----RD---- C:\WINDOWS\Web
2008-11-13 15:27:22 ----RD---- C:\Program Files
2008-11-13 15:27:14 ----SHD---- C:\WINDOWS\Installer
2008-11-13 15:25:47 ----D---- C:\WINDOWS\system32
2008-11-13 15:25:33 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-13 11:27:11 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-12 01:56:19 ----D---- C:\Program Files\SwiftKit
2008-11-12 01:35:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-12 01:34:22 ----D---- C:\Program Files\Java
2008-11-12 01:32:28 ----D---- C:\Program Files\Common Files
2008-11-12 01:17:18 ----D---- C:\WINDOWS\Help
2008-11-12 01:16:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-12 00:21:47 ----A---- C:\WINDOWS\system.ini
2008-11-12 00:20:50 ----D---- C:\WINDOWS\AppPatch
2008-11-12 00:17:16 ----RASH---- C:\boot.ini
2008-11-10 12:30:21 ----D---- C:\Documents and Settings\MBI\Application Data\OpenOffice.org2
2008-11-07 19:47:54 ----D---- C:\Lio King
2008-11-07 19:19:20 ----D---- C:\Documents and Settings\MBI\Application Data\Corel
2008-11-07 19:18:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-07 19:14:42 ----RSD---- C:\WINDOWS\Fonts
2008-11-07 19:07:50 ----D---- C:\WINDOWS\system32\Macromed
2008-11-07 19:07:45 ----D---- C:\Documents and Settings\MBI\Application Data\Macromedia
2008-11-07 19:03:56 ----D---- C:\MBI
2008-11-07 19:03:23 ----RD---- C:\Downloads
2008-11-05 08:25:13 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-05 08:25:06 ----RSD---- C:\WINDOWS\assembly
2008-11-05 06:44:32 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-04 23:08:39 ----D---- C:\WINDOWS\Debug
2008-11-04 23:08:38 ----D---- C:\WINDOWS\Minidump
2008-11-04 22:45:26 ----D---- C:\WINDOWS\SxsCaPendDel
2008-11-04 22:39:47 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-04 22:38:07 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 22:36:54 ----D---- C:\WINDOWS\system32\spool
2008-11-04 22:31:47 ----D---- C:\WINDOWS\WinSxS
2008-11-04 22:29:52 ----D---- C:\WINDOWS\system32\mui
2008-11-04 22:29:45 ----D---- C:\Program Files\Internet Explorer
2008-11-04 18:35:33 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-01 17:13:47 ----D---- C:\Documents and Settings\MBI\Application Data\Skype
2008-11-01 17:13:18 ----D---- C:\Documents and Settings\MBI\Application Data\skypePM
2008-10-27 00:40:26 ----D---- C:\WINDOWS\security
2008-10-26 17:50:59 ----SD---- C:\Documents and Settings\MBI\Application Data\Microsoft
2008-10-24 16:13:51 ----AC---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2008-10-20 12:33:08 ----SHD---- C:\System Volume Information
2008-10-20 12:33:08 ----D---- C:\WINDOWS\system32\Restore
2008-10-18 22:04:24 ----D---- C:\INSTALL
2008-10-18 21:44:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 18:27:18 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-18 17:31:30 ----D---- C:\WINDOWS\Media
2008-10-18 16:17:16 ----D---- C:\WINDOWS\system32\config
2008-10-18 15:56:58 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-18 14:56:35 ----D---- C:\Programy
2008-10-18 14:54:07 ----D---- C:\Documents and Settings
2008-10-18 00:00:58 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-18 00:00:10 ----D---- C:\Program Files\SwiftSwitch
2008-10-14 10:50:17 ----AC---- C:\WINDOWS\CDSEDB01.INI
2008-10-07 19:26:25 ----D---- C:\WINDOWS\system
2008-10-07 19:26:08 ----D---- C:\Program Files\AvRack
2008-10-07 18:43:53 ----AC---- C:\WINDOWS\RtlRack.ini
2008-10-07 18:37:34 ----D---- C:\Program Files\Codec Pack - All In 1
2008-10-07 18:37:05 ----A---- C:\WINDOWS\iun6002.exe
2008-10-07 18:26:09 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-07 18:25:15 ----D---- C:\Program Files\Windows Media Player
2008-10-07 17:06:48 ----D---- C:\WINDOWS\system32\Setup
2008-10-07 17:06:32 ----D---- C:\WINDOWS\system32\usmt
2008-10-07 17:06:02 ----D---- C:\WINDOWS\mui
2008-10-07 17:06:02 ----D---- C:\WINDOWS\ehome
2008-10-07 17:06:00 ----D---- C:\WINDOWS\ime
2008-10-07 17:05:56 ----D---- C:\WINDOWS\Registration
2008-10-07 17:05:41 ----D---- C:\WINDOWS\PeerNet
2008-10-07 17:05:22 ----D---- C:\WINDOWS\system32\npp
2008-10-07 17:05:11 ----D---- C:\WINDOWS\msagent
2008-10-07 17:00:49 ----D---- C:\WINDOWS\twain_32
2008-10-07 16:59:33 ----D---- C:\WINDOWS\system32\icsxml
2008-10-07 16:58:44 ----D---- C:\WINDOWS\system32\1033
2008-10-07 16:57:16 ----D---- C:\WINDOWS\Driver Cache
2008-10-07 16:52:29 ----D---- C:\WINDOWS\system32\oobe
2008-10-07 16:52:29 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-07 16:49:24 ----D---- C:\Program Files\Movie Maker
2008-10-07 16:49:09 ----D---- C:\Program Files\Outlook Express
2008-10-07 16:49:08 ----D---- C:\Program Files\Common Files\System
2008-10-07 16:48:39 ----D---- C:\WINDOWS\srchasst
2008-10-07 16:48:11 ----D---- C:\Program Files\NetMeeting
2008-10-07 16:43:29 ----D---- C:\WINDOWS\system32\ias
2008-10-07 16:42:42 ----AC---- C:\WINDOWS\ODBCINST.INI
2008-10-07 16:42:24 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-07 16:40:02 ----D---- C:\WINDOWS\system32\Com
2008-10-07 16:39:13 ----D---- C:\WINDOWS\system32\wbem
2008-10-07 16:38:49 ----D---- C:\Program Files\Windows NT
2008-10-07 16:11:42 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-07 11:19:42 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-06 20:05:15 ----A---- C:\WINDOWS\DUMP4cd7.tmp
2008-10-06 20:00:35 ----A---- C:\WINDOWS\DUMP5b2f.tmp
2008-10-06 19:59:18 ----A---- C:\WINDOWS\DUMP5ad2.tmp
2008-10-06 10:30:51 ----D---- C:\Program Files\ICQToolbar
2008-09-30 17:02:18 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-30 17:02:08 ----D---- C:\Program Files\Google
2008-09-29 11:03:06 ----D---- C:\Games
2008-09-29 01:45:24 ----D---- C:\WINDOWS\system32\DirectX
2008-09-29 00:51:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-29 00:16:36 ----D---- C:\Program Files\Messenger
2008-09-29 00:10:26 ----D---- C:\WINDOWS\network diagnostic
2008-09-25 23:15:55 ----D---- C:\Program Files\ICQ6
2008-09-13 08:29:15 ----D---- C:\Documents and Settings\MBI\Application Data\ICQ
2008-08-22 02:15:56 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2008-08-22 02:14:40 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2008-08-22 02:10:34 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-08-22 02:09:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-22 02:08:22 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2008-08-22 02:08:22 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-22 02:08:08 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-22 02:08:06 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-22 02:08:00 ----A---- C:\WINDOWS\system32\licmgr10.dll
2008-08-22 02:07:58 ----A---- C:\WINDOWS\system32\url.dll
2008-08-22 02:07:50 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-22 02:07:50 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-22 02:07:08 ----A---- C:\WINDOWS\system32\corpol.dll
2008-08-22 02:06:58 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-22 02:06:44 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-22 02:06:40 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-22 02:06:36 ----A---- C:\WINDOWS\system32\vbscript.dll
2008-08-22 02:06:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-22 02:06:30 ----A---- C:\WINDOWS\system32\jscript.dll
2008-08-22 02:06:30 ----A---- C:\WINDOWS\system32\admparse.dll
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\iesetup.dll
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-22 02:06:20 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-22 02:06:16 ----A---- C:\WINDOWS\system32\inseng.dll
2008-08-22 02:06:16 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-22 02:06:02 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-22 02:05:48 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-22 02:05:34 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-22 02:05:24 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-08-22 02:05:22 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2008-08-22 02:05:22 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-22 02:05:20 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-22 02:05:16 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-22 02:05:14 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-22 02:05:14 ----A---- C:\WINDOWS\system32\imgutil.dll
2008-08-22 02:05:10 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-22 02:05:08 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-22 02:05:00 ----A---- C:\WINDOWS\system32\mshtmler.dll
2008-08-22 02:04:54 ----A---- C:\WINDOWS\system32\mshta.exe
2008-08-22 01:58:12 ----A---- C:\WINDOWS\system32\ieui.dll
2008-08-22 01:57:56 ----A---- C:\WINDOWS\system32\msls31.dll
2008-08-22 01:42:22 ----A---- C:\WINDOWS\system32\ieapfltr.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-14 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-05-16 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-05-16 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-08-10 204672]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 ensqio;ensqio; C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 sbpcint4;SB PCI128; C:\WINDOWS\system32\DRIVERS\sbpcint4.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-07 404608]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-05 460864]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-12 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S2 StarWindServiceAE;StarWind AE Service; C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]

-----------------EOF-----------------

Post back with:


Answers to my questions


One question do you have Alcohol/Starwind program installed?


No, I've deleted Alcohol quite a while ago. Feel free to delete the rest of the files.

I had that problem before as well, but I fixed it with a tool called Dial-a-fix, maybe you want to try it out too?


I did. No change :thumbsup:.

See if your Windows updates are okay now?


Unfortunately, they aren't :).

Post back with:





Problems you are still having.


1. Java still not working properly.

//Note: After I have seen how many infections GMER found, I am not sure how many millions of problems might still be there. We'll see............

Edited by DJohn, 14 November 2008 - 12:43 PM.


#36 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:30 AM

Posted 14 November 2008 - 01:08 PM

Hello.

I need to leave soon, so let me just give you some information so you are not terrified to death.
Give me some time to look over your log and I'll post back ASAP :thumbsup:

1. Java still not working properly.

//Note: After I have seen how many infections GMER found, I am not sure how many millions of problems might still be there. We'll see............

No. GMER is a rootkit scan but what it is listing is not all bad. If it was then you would be in big trouble. It lists many system files and services as well.

Some of the things that GMER also scans are:
  • processes creating
  • drivers loading
  • libraries loading
  • file functions
  • registry entries
  • TCP/IP connections
Anyways, so not everything listed there is bad.

I'll remove the leftovers of Alcohol/Starwind next, thanks for letting me know.

Your Java and Windows update I can't say anything yet, let's finish dealing with those nasties and leftovers and I'll do some diagnosis with your problems. If that still doesn't work, we will need to redirect you to another forum.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#37 extremeboy

Posted 17 November 2008 - 12:57 PM

Hello DJohn.

Sorry for the delays... My coach seems to be very busy the few days. I'll try to get back to you ASAP.
Once again I'm sorry, I'll be back (soon, hopefully).

With Regards,
Extremeboy

#38 DJohn

Posted 18 November 2008 - 11:56 AM

Well, I move today to my new house so I probably won't have the Internet for a while. Maybe I'll get internet within the 5 days, if I won't, feel free to lock this topic, I'll post you ASAP after then.

#39 extremeboy

Posted 18 November 2008 - 03:32 PM

Hello.

Well, I move today to my new house so I probably won't have the Internet for a while. Maybe I'll get internet within the 5 days, if I won't, feel free to lock this topic, I'll post you ASAP after then.

Okay, great hope everything went well. My coach seems to be a bit busy as well. It may take a while for me to reply as well. So, we'll just leave everything at that for now. I'll be back too.

With Regards,
Extremeboy

#40 extremeboy

Posted 19 November 2008 - 07:57 PM

Hi again. Sorry for the delay.

There were some leftover registry keys that we still need to remove regarding the TDSS rootkit. The files seemed to be removed already.

Run Script with OTMoveIt
  • Double click the OTMoveIt icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :services
    StarWindServiceAE
    vsdatant
    pavboot
    
    :files
    C:\WINDOWS\system32\drivers\vsdatant.sys
    C:\Programy\Alcohol 120
    c:\windows\system32\drivers\pavboot.sys
    
    :reg
    HKLM\SYSTEM\ControlSet003\Services\TDSSserv
    
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box. Put a checkmark next to the following entries:


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)


    If you no longer see some of the entries, don't worry. It is possible that the uninstaller or removal tool already took care of it. If it is marked " (file missing) ", put a check mark next to its box anyways.

  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • Close HijackThis.

Run Dial-A-Fix

We will run Dial-a-fix again, however the instructions this time are slightly different.

  • Double click Dial-a-Fix.exe to start the program.
  • Put a checkmark on the following boxes:
    Fix Windows Installed
    Fix Windows Update
    By checking those two boxes, other boxes will also be checked; please don't worry about it.
  • Press the GO button in the bottom of the window.
  • After Dial-a-fix finishes, exit out and close it.
  • Reboot and see if your Windows update is okay now.

Please post back with:
-OtMoveit log
-Rsit log
-Any Problems you are still having.
The java thing we might need to move you to another forum

Thanks :thumbsup:

With Regards,
Extremeboy
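
The HijackThis step in the post above selects O2 (Browser Helper Object) entries whose file no longer exists. As an added example, not part of the original post or of any tool's own code, this Python sketch flags such orphaned entries in a saved HijackThis log; the first two sample lines are taken from the post, the remaining lines are constructed, and the function names are hypothetical.

```python
import re

# HijackThis O2 line layout: "O2 - BHO: <name> - {CLSID} - <file or marker>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.*)$"
)
# Markers quoted in the post for a BHO whose DLL is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_o2(line):
    """Return a dict for an O2 line, or None for any other log line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    target = m.group("target").strip()
    return {
        "name": m.group("name"),
        "clsid": m.group("clsid").upper(),
        "target": target,
        # The marker is either the whole target or appended after a path.
        "orphaned": target.endswith(ORPHAN_MARKERS),
    }

def orphaned_bhos(log_text):
    """CLSIDs of BHO entries that point at no existing file, in log order."""
    found = []
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry and entry["orphaned"]:
            found.append(entry["clsid"])
    return found

# Lines 1-2 are from the post; lines 3-5 are constructed sample data.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\\Program Files\\Example\\helper.dll
O2 - BHO: Old Toolbar - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\\Example\\old.dll (file missing)
O4 - HKLM\\..\\Run: [Example] C:\\Example\\example.exe
"""

if __name__ == "__main__":
    for clsid in orphaned_bhos(SAMPLE_LOG):
        print("orphaned BHO:", clsid)
```
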

#41 DJohn

DJohn
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Male
  • Location:Motherwell
  • Local time:02:30 PM

Posted 24 November 2008 - 03:25 AM

Hello Extremeboy,

I will have the Internet connection soon (max 3 days) so please don't lock this topic even though it's been 5 days since my last post. I can try to do it manually (via flash drive) if I get time. We'll see ;).

Thanks for putting so much effort into fixing my computer. :thumbsup:

#42 extremeboy

Posted 24 November 2008 - 12:57 PM

Thanks for the information :thumbsup:

I'll see if I can leave this topic longer :)

I probably can. No need to rush. Take your time, if things get a bit busy just tell me so I have an idea you are still here.
I'll be fairly busy myself too.

With Regards,
Extremeboy

#43 extremeboy

Posted 07 December 2008 - 01:12 PM

Hello DJohn.

You haven't logged on since the 24th of November. I'm glad you let me know in advance so we can leave this topic longer, but it's almost 2 weeks and to be fair to other members, I think we should close this topic.

Once you are back, please give me a PM and I'll let a coach know to re-open the topic.

Thanks for understanding.

with regards,
extremeboy

#44 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  • Gender:Male
  • Location:Philadelphia
  • Local time:09:30 AM

Posted 08 December 2008 - 07:12 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
All others please read The Preparation Guide before starting your topic.

Veni Vidi Vici
THE FIGHT AGAINST MALWARE
