analyze log file help!!


This topic is locked
10 replies to this topic

#1 1sys (Members, 7 posts)

Posted 14 April 2009 - 06:47 AM

For the first time in maybe 5-6 years I got infected with a trojan, VIRTUMONDE.NEO.
ESET kept quarantining those files and causing headaches; finally I somehow located ComboFix in my toolbox and ran it, and it seems to have worked. However, since I am not an expert on analyzing this file, I need assistance.
Thanks in advance, 1sys

ComboFix 09-04-14.08 - 01/14/2009 7:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2569 [GMT -5:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Application Data\inst.exe
c:\windows\system32\aonbcb.dll
c:\windows\system32\bfaekqoi.dll
c:\windows\system32\bunvsyty.dll
c:\windows\system32\cgxtovur.dll
c:\windows\system32\cnhtjyrc.dll
c:\windows\system32\enkfxy.dll
c:\windows\system32\geBqPIbX.dll
c:\windows\system32\jdoqkikp.dll
c:\windows\system32\lbvqwubh.dll
c:\windows\system32\lgaxinnd.dll
c:\windows\system32\lzlfrz.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nviolc.dll
c:\windows\system32\piscajnc.dll
c:\windows\system32\pudibb.dll
c:\windows\system32\rnnwim.dll
c:\windows\system32\srrpmp.dll
c:\windows\system32\tdkurefb.dll
c:\windows\system32\tftota.dll
c:\windows\system32\ubgrwbtv.dll
c:\windows\system32\vmbctrqk.dll
c:\windows\system32\wukadjfv.dll
c:\windows\system32\XbIPqBeg.ini
c:\windows\system32\XbIPqBeg.ini2
c:\windows\system32\xmbwht.dll
c:\windows\system32\ykpwnwuv.dll
c:\windows\system32\ynhvby.dll
D:\PMAGICB.PIF

.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-04-12 16:59 . 2009-04-12 16:59 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\ImgBurn
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Webroot
2009-04-12 13:15 . 2009-04-12 13:15 -------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-04-12 13:00 . 2009-04-12 16:39 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-04-12 12:53 . 2009-04-12 12:53 -------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-04-12 12:52 . 2009-04-12 12:52 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-12 12:51 . 2007-03-15 20:57 443752 ----a-w c:\windows\system32\d3dx10_33.dll
2009-04-12 12:51 . 2007-03-12 20:42 1123696 ----a-w c:\windows\system32\D3DCompiler_33.dll
2009-04-12 12:51 . 2007-03-12 20:42 3495784 ----a-w c:\windows\system32\d3dx9_33.dll
2009-04-12 12:48 . 2009-04-12 12:48 -------- d-----w c:\windows\system32\URTTEMP
2009-04-10 16:22 . 2009-04-10 16:22 -------- d-----w c:\windows\system32\scripting
2009-04-10 16:22 . 2009-04-10 16:22 -------- d-----w c:\windows\l2schemas
2009-04-10 16:22 . 2009-04-10 16:22 -------- d-----w c:\windows\system32\en
2009-04-09 01:17 . 2009-04-09 01:20 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Move Networks
2009-03-28 15:31 . 2009-01-13 08:58 -------- d-sh--w C:\$RECYCLE.BIN
2009-03-28 07:11 . 2007-03-17 11:41 171136 --sha-r C:\grldr
2009-03-28 02:57 . 2009-03-28 07:13 8192 --s-a-r C:\BOOTSECT.BAK
2009-03-28 02:57 . 2008-09-16 17:54 333203 --sha-r C:\bootmgr
2009-03-28 02:57 . 2009-03-28 07:13 -------- d-sh--w C:\Boot
2009-03-28 02:37 . 2009-03-28 02:37 -------- dc----w c:\windows\system32\DRVSTORE
2009-03-27 14:04 . 2009-03-27 14:04 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\tjnet
2009-03-27 00:47 . 2002-07-31 23:55 108 --sh--w c:\windows\WSYS049.SYS
2009-03-27 00:47 . 2001-09-05 16:28 41 ---h--w c:\windows\trfntw32.cfg
2009-03-27 00:46 . 2006-01-26 23:56 831776 ----a-w c:\windows\system32\wodFtpDLX.dll
2009-03-27 00:46 . 2003-10-09 19:10 274976 ----a-w c:\windows\system32\XceedFtp.dll
2009-03-27 00:32 . 1999-03-22 16:29 233472 ----a-w c:\windows\system32\Ilda32.dll
2009-03-27 00:32 . 1998-06-17 08:00 18944 ----a-w c:\windows\system32\BORLNDMM.DLL
2009-03-27 00:31 . 2009-03-27 00:40 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\NoteTab Light
2009-03-26 00:56 . 2009-01-14 11:20 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\mjusbsp
2009-03-26 00:55 . 2008-04-13 18:45 60032 ----a-w c:\windows\system32\drivers\usbaudio.sys
2009-03-26 00:55 . 2008-04-13 18:45 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-03-25 23:26 . 2009-03-25 23:26 -------- d-----w c:\documents and settings\All Users\Application Data\Uniblue
2009-03-25 23:24 . 2008-12-22 12:23 20232 ----a-w c:\windows\system32\AntiSpyNative64.exe
2009-03-25 23:24 . 2008-12-22 12:23 16648 ----a-w c:\windows\system32\AntiSpyNative32.exe
2009-03-25 02:26 . 2009-03-25 02:26 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\ESET
2009-03-25 00:45 . 2009-03-25 02:14 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Uniblue
2009-03-25 00:42 . 2009-04-11 22:06 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Adobe
2009-03-25 00:42 . 2009-03-25 01:24 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-24 23:51 . 2009-03-24 23:51 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\DAEMON Tools Pro
2009-03-24 23:51 . 2009-03-24 23:51 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\DAEMON Tools
2009-03-24 23:51 . 2009-03-24 23:51 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-24 02:31 . 2008-07-09 09:05 421888 ----a-w c:\windows\system32\ac3filter.acm
2009-03-23 23:59 . 2009-03-23 23:59 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-23 23:59 . 2009-03-25 01:14 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\DAEMON Tools Lite
2009-03-23 21:19 . 2009-03-23 21:19 -------- d-----w c:\windows\system32\drivers\UMDF
2009-03-23 21:19 . 2009-03-23 21:19 -------- d-----w c:\windows\system32\LogFiles
2009-03-23 00:10 . 2007-08-13 22:54 33792 -c----w c:\windows\system32\dllcache\custsat.dll
2009-03-22 22:19 . 2009-03-22 22:19 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-03-21 23:27 . 2009-03-21 23:27 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-21 23:27 . 2009-03-21 23:27 47360 ----a-w c:\documents and settings\Luan Mersini\Application Data\pcouffin.sys
2009-03-21 23:27 . 2008-01-12 22:58 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Vso
2009-03-21 23:27 . 2006-09-29 15:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-03-21 23:27 . 2006-09-29 15:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-03-21 23:27 . 2006-09-29 15:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-03-21 21:15 . 2009-03-21 21:15 -------- d-sh--w C:\Diskeeper
2009-03-21 20:10 . 2009-03-21 20:10 -------- d-----w c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-03-20 22:36 . 2008-04-14 00:12 33792 ----a-w c:\windows\system32\mmcperf.exe
2009-03-20 22:18 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-03-20 22:16 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-03-20 22:16 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-03-20 22:16 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-03-20 22:16 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-03-20 22:15 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-03-20 22:15 . 2008-10-03 10:02 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-03-20 22:15 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-03-20 21:59 . 2008-04-27 15:35 180224 ----a-w c:\windows\system32\xvidvfw.dll
2009-03-20 21:59 . 2008-04-27 15:33 765952 ----a-w c:\windows\system32\xvidcore.dll
2009-03-20 21:59 . 2007-06-28 23:55 77824 ----a-w c:\windows\system32\xvid.ax
2009-03-20 21:58 . 2009-03-20 21:58 -------- d-----w C:\MEDIA PLAYER UPDATE
2009-03-20 21:43 . 2001-07-06 05:19 164 ------w c:\windows\avrack.ini
2009-03-20 21:43 . 2004-11-18 00:05 2297664 ----a-w c:\windows\system32\drivers\ALCXWDM.SYS
2009-03-20 21:43 . 2004-09-07 19:23 156672 ----a-w c:\windows\system32\RTLCPAPI.dll
2009-03-20 21:43 . 2004-11-15 23:20 77824 ----a-w c:\windows\SOUNDMAN.EXE
2009-03-20 21:43 . 2004-10-27 20:47 40960 ----a-w c:\windows\system32\ChCfg.exe
2009-03-20 21:43 . 2004-11-17 21:11 9319936 ----a-w c:\windows\system32\RTLCPL.EXE
2009-03-20 21:43 . 2002-02-05 18:54 141016 ----a-w c:\windows\system32\ALSNDMGR.WAV
2009-03-20 21:43 . 2004-11-17 21:08 16162816 ----a-w c:\windows\system32\ALSNDMGR.CPL
2009-03-20 21:43 . 2004-11-05 21:29 208896 ------w c:\windows\alcupd.exe
2009-03-20 21:43 . 2004-09-02 01:04 139264 ------w c:\windows\alcrmv.exe
2009-03-20 03:04 . 2009-03-20 03:04 -------- d-sh--w c:\documents and settings\Luan Mersini\UserData
2009-03-20 02:51 . 2009-03-20 02:51 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Help
2009-03-20 02:43 . 2006-10-27 00:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-03-20 02:41 . 2009-03-20 02:41 -------- d-----w c:\windows\SHELLNEW
2009-03-20 02:41 . 2009-03-20 02:41 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Microsoft Help
2009-03-20 02:40 . 2009-03-20 02:44 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-20 02:40 . 2009-03-20 02:40 -------- d--h--r C:\MSOCache
2009-03-20 01:38 . 2004-08-04 07:56 221184 ----a-w c:\windows\system32\wmpns.dll
2009-03-20 01:38 . 2009-03-20 01:55 316640 ----a-w c:\windows\WMSysPr9.prx
2009-03-20 01:37 . 2009-04-10 16:22 -------- d-----w c:\windows\peernet
2009-03-20 01:37 . 2009-03-20 01:37 -------- d-----w c:\windows\provisioning
2009-03-20 01:37 . 2009-03-20 01:37 -------- d-----w c:\windows\ServicePackFiles
2009-03-20 01:35 . 2009-04-10 16:11 -------- d-----w c:\windows\EHome
2009-03-20 01:14 . 2009-03-20 01:16 -------- d-----w C:\AUDIO DRIVERS
2009-03-20 01:04 . 2008-04-14 10:42 11264 ----a-w c:\windows\system32\spnpinst.exe
2009-03-20 01:04 . 2004-08-02 19:20 7208 ----a-w c:\windows\system32\secupd.sig
2009-03-20 01:04 . 2004-08-02 19:20 4569 ----a-w c:\windows\system32\secupd.dat
2009-03-20 01:04 . 2002-04-16 02:11 67866 ----a-w c:\windows\system32\drivers\netwlan5.img
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\windows\system32\AGEIA
2009-03-20 00:48 . 2009-01-14 11:19 212641 ----a-w c:\windows\system32\nvapps.xml
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\windows\nview
2009-03-20 00:48 . 2009-02-18 19:44 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-03-20 00:48 . 2009-02-18 19:44 19021 ----a-w c:\windows\system32\nvdisp.nvu
2009-03-20 00:48 . 2009-02-17 04:17 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-20 00:47 . 2009-03-20 00:47 -------- d-----w C:\NVIDIA
2009-03-20 00:47 . 2008-04-14 00:11 1082368 ----a-w c:\windows\system32\esent.dll
2009-03-20 00:45 . 2009-01-13 10:52 61952 ----a-w c:\documents and settings\Luan Mersini\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-20 00:44 . 2009-03-20 00:44 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-20 00:42 . 2009-03-20 00:42 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Downloaded Installations
2009-03-20 00:40 . 2009-04-10 16:22 -------- d-----w c:\windows\system32\bits
2009-03-20 00:39 . 2007-08-11 01:46 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-03-20 00:39 . 2009-04-10 20:54 -------- d--h--w c:\windows\$hf_mig$
2009-03-20 00:39 . 2008-04-14 00:12 354304 ----a-w c:\windows\system32\winhttp.dll
2009-03-20 00:39 . 2008-04-14 00:12 18944 ------w c:\windows\system32\qmgrprxy.dll
2009-03-20 00:39 . 2008-04-14 00:11 8192 ----a-w c:\windows\system32\bitsprx2.dll
2009-03-20 00:39 . 2008-04-14 00:11 7168 ----a-w c:\windows\system32\bitsprx3.dll
2009-03-20 00:36 . 2009-03-20 00:36 -------- dc-h--w c:\windows\$MSI30UninstallMSI30-KB884016$
2009-03-20 00:30 . 2008-10-16 19:13 202776 ----a-w c:\windows\system32\wuweb.dll
2009-03-20 00:30 . 2008-10-16 19:12 323608 ----a-w c:\windows\system32\wucltui.dll
2009-03-20 00:30 . 2008-10-16 19:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-03-20 00:30 . 2008-10-16 19:12 213528 ----a-w c:\windows\system32\wuaucpl.cpl
2009-03-20 00:30 . 2008-10-16 19:08 34328 ----a-w c:\windows\system32\wups.dll
2009-03-20 00:30 . 2008-04-14 00:12 165888 ----a-w c:\windows\system32\wuauclt1.exe
2009-03-20 00:30 . 2008-04-14 00:12 183296 ----a-w c:\windows\system32\wuaueng1.dll
2009-03-17 02:47 . 2009-03-17 02:47 -------- d-s---w c:\windows\system32\Microsoft
2009-03-17 02:46 . 2009-03-17 02:46 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 16:39 . 2009-04-12 16:39 -------- d-----w c:\program files\InterActual
2009-04-12 16:31 . 2009-04-12 12:54 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-12 16:30 . 2009-04-12 12:54 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-04-12 12:53 . 2009-04-12 12:53 -------- d-----w c:\program files\SmartSound Software
2009-04-12 12:52 . 2009-03-20 21:43 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-10 16:24 . 2009-03-17 01:24 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-10 16:15 . 2002-08-29 12:00 250048 --sha-r C:\ntldr
2009-03-29 07:00 . 2009-03-29 07:00 -------- d-----w c:\program files\MSXML 4.0
2009-03-27 20:24 . 2009-03-17 02:31 -------- d-----w c:\program files\Java
2009-03-27 00:46 . 2009-03-27 00:46 -------- d-----w c:\program files\CoffeeCup Software
2009-03-25 01:24 . 2009-03-25 00:42 -------- d-----w c:\program files\NOS
2009-03-25 00:46 . 2009-03-25 00:46 -------- d-----w c:\program files\Common Files\Adobe
2009-03-25 00:21 . 2009-03-25 00:21 -------- d-----w c:\program files\Uniblue
2009-03-23 21:20 . 2009-03-23 21:20 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-21 23:27 . 2009-03-21 23:27 -------- d-----w c:\program files\vso
2009-03-21 20:10 . 2009-03-21 20:10 -------- d-----w c:\program files\Common Files\Diskeeper Corporation
2009-03-20 21:59 . 2009-03-20 21:59 -------- d-----w c:\program files\Xvid
2009-03-20 21:43 . 2009-03-20 21:43 -------- d-----w c:\program files\Realtek Sound Manager
2009-03-20 21:43 . 2009-03-20 21:43 -------- d-----w c:\program files\AvRack
2009-03-20 21:43 . 2009-03-20 00:44 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-20 03:05 . 2009-03-20 03:05 -------- d-----w c:\program files\Yahoo!
2009-03-20 02:43 . 2009-03-20 02:43 -------- d-----w c:\program files\Microsoft Works
2009-03-20 02:42 . 2009-03-20 02:42 -------- d-----w c:\program files\Microsoft.NET
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\0KTNZ1B7.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\2GQFZZB1.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\II7F5FDR.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\75BJ1NP3.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\5BZNJF73.DAT
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\program files\AGEIA Technologies
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-17 02:45 . 2009-03-17 02:45 -------- d-----w c:\program files\ESET
2009-03-17 01:25 . 2009-03-17 01:25 -------- d-----w c:\program files\microsoft frontpage
2009-03-17 01:25 . 2009-03-17 01:25 558142 ----a-w c:\windows\java\Packages\EWRTNLNP.ZIP
2009-03-17 01:25 . 2009-03-17 01:25 155995 ----a-w c:\windows\java\Packages\W69VLBR5.ZIP
2009-03-17 01:23 . 2009-03-17 01:23 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-09 11:13 . 2002-08-29 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-16 23:24 . 2009-01-16 23:24 70936 ----a-w c:\windows\system32\PhysXLoader.dll
2009-01-14 11:51 . 2009-01-14 11:41 136 ----a-w C:\VundoFix.txt
2009-01-14 01:30 . 2009-01-14 01:19 28032 ----a-w c:\windows\system32\rabfvcjh.dll
2009-01-14 00:11 . 2009-01-14 00:04 43520 ----a-w c:\windows\system32\nqvgsoft.dll
2009-01-14 00:00 . 2009-01-13 21:03 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 23:59 . 2009-01-13 23:59 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\PC Tools
2009-01-13 01:11 . 2009-01-13 01:11 43 ----a-w C:\GSMRIDevice.tag
2009-01-13 00:56 . 2009-01-13 00:56 156160 ----a-w c:\windows\uwuxixibabud.dll
2009-01-13 00:44 . 2009-01-13 00:44 -------- d-----w c:\documents and settings\All Users\Application Data\Geek Squad
2008-12-20 23:15 . 2006-06-23 16:33 826368 ----a-w c:\windows\system32\wininet.dll
2008-12-19 15:15 . 2008-12-19 15:15 4338246 ----a-w c:\windows\system32\libavcodec.dll
2008-12-17 17:41 . 2008-12-17 17:41 884237 ----a-w c:\windows\system32\ff_x264.dll
2008-12-17 17:22 . 2008-12-17 17:22 93184 ----a-w c:\windows\system32\ff_wmv9.dll
2008-12-17 17:22 . 2008-12-17 17:22 57344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-17 17:17 . 2008-12-17 17:17 239247 ----a-w c:\windows\system32\ff_theora.dll
2008-12-17 16:59 . 2008-12-17 16:59 560802 ----a-w c:\windows\system32\libmplayer.dll
2008-12-11 10:57 . 2002-08-29 12:00 333952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-05 06:54 . 2002-08-29 12:00 144896 ----a-w c:\windows\system32\schannel.dll
2008-12-04 14:28 . 2008-12-04 14:28 24344 ----a-w c:\windows\system32\PhysXDevice.dll
2008-11-29 20:26 . 2008-11-29 20:26 991232 ----a-w c:\windows\system32\VSFilter.dll
2008-11-26 13:55 . 2008-11-26 13:55 288024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-11-25 13:38 . 2008-11-25 13:38 288024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-10-23 12:36 . 2002-08-29 12:00 286720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 . 2009-03-17 01:22 1809944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:09 . 2009-03-17 01:22 51224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 . 2008-10-16 19:09 43544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:09 . 2002-08-29 12:00 92696 ----a-w c:\windows\system32\cdm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"cdloader"="c:\documents and settings\Luan Mersini\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2009-02-18 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="d:\roxiofinal\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"Slakaqoju"="c:\windows\uwuxixibabud.dll" [2009-01-13 156160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Luan Mersini\\Application Data\\mjusbsp\\magicJack.exe"=

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;d:\roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
R2 SessionLauncher;SessionLauncher; [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;d:\roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]

.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-03-25 12:23]
.
- - - - ORPHANS REMOVED - - - -

BHO-{37380610-e17e-4c49-a2f2-a27879acf0a6} - c:\windows\system32\aonbcb.dll
BHO-{8CA0F34C-F237-44E9-9438-1AA27285483C} - c:\windows\system32\geBqPIbX.dll
HKLM-Run-Bxagiqivuxegeqe - c:\windows\Uwocifoh.dll
HKLM-Run-88ef6cc7 - c:\windows\system32\piscajnc.dll
ShellExecuteHooks-{ad5773f0-fefb-402b-8174-bdf966ed8ea0} - c:\windows\system32\aonbcb.dll
Notify-qoMfcDss - qoMfcDss.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 06:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1328)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\diskkeeper\DkService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\Luan Mersini\Application Data\mjusbsp\in00000\mjsetup.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-01-14 11:22

Pre-Run: 84,156,567,552 bytes free
Post-Run: 84,196,052,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT /NOEXECUTE=OPTIN

335 --- E O F --- 2009-04-11 02:40



#2 1sys (Topic Starter, Members, 7 posts)

Posted 15 April 2009 - 03:37 PM

No one has had a chance to analyze the file yet, or...
a little glance would do it.

#3 Jat90 (Members, 1,515 posts, Male, United Kingdom)

Posted 15 April 2009 - 05:08 PM

Hello, 1sys

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



CFScript

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\rabfvcjh.dll
c:\windows\system32\nqvgsoft.dll
c:\windows\uwuxixibabud.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

You should also know that running ComboFix unsupervised can have disastrous consequences, in the worst cases causing errors in the boot process and preventing the PC from starting up. Do not do this in the future, for your own safety.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

Posted Image
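An added example, not from this thread and not ComboFix's own code: a short Python script that reads a ComboFix log in the layout posted above and does mechanically what the CFScript in the reply does by eye. It flags a Run value whose target is a DLL with a name unrelated to the value (the `Slakaqoju` entry), randomly named lowercase DLLs that appeared in system32 within two days of that entry (`rabfvcjh.dll` and `nqvgsoft.dll` from the Find3M report), the `"EnableFirewall"= 0` and `"DisableMonitoring"` entries, and builds the `File::` block for a CFScript. The sample log is a constructed excerpt; the name test, the two-day window, and taking the earlier of the two timestamps as first-seen are assumptions of this example, not ComboFix rules.

```python
"""Triage a ComboFix log along the lines of the reply above and emit the CFScript File:: block.
Added example, not ComboFix's code and not from any post here; every heuristic is an assumption."""
import re
from datetime import date
from pathlib import PureWindowsPath

# Constructed excerpt in ComboFix's log layout, cut down from the first log posted above.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-01-16 23:24 . 2009-01-16 23:24 70936 ----a-w c:\windows\system32\PhysXLoader.dll
2009-01-14 01:30 . 2009-01-14 01:19 28032 ----a-w c:\windows\system32\rabfvcjh.dll
2009-01-14 00:11 . 2009-01-14 00:04 43520 ----a-w c:\windows\system32\nqvgsoft.dll
2009-01-13 00:56 . 2009-01-13 00:56 156160 ----a-w c:\windows\uwuxixibabud.dll
2008-12-05 06:54 . 2002-08-29 12:00 144896 ----a-w c:\windows\system32\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"Slakaqoju"="c:\windows\uwuxixibabud.dll" [2009-01-13 156160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: - (.+?))?\s+\[(\d{4}-\d{2}-\d{2}) \d+\]$')  # "name"="target" [- resolved] [date size]
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ \. (\d{4}-\d{2}-\d{2}) \S+ (?:\d+|-+) (\S+) (.+)$")  # two stamps, size, attrs, path
SYSTEM32 = r"c:\windows\system32"


def run_entry_reasons(name, path):
    """Why an autostart value looks hostile; an empty list means nothing was noticed."""
    p, reasons = PureWindowsPath(path), []
    if p.suffix.lower() == ".dll":  # Run cannot execute a DLL itself; rundll32 loads it (rundll32.exe is running in the log above)
        reasons.append("autostart target is a DLL")
    if str(p.parent).lower() in (r"c:\windows", SYSTEM32) and name.lower()[:3] != p.stem.lower()[:3]:
        reasons.append("value name unrelated to a file dropped in the Windows directory")
    return reasons


def recent_system32_dlls(files, anchor_dates, window_days=2):
    """Lowercase, letters-only system32 DLLs first seen within window_days of a flagged autostart (assumed heuristic)."""
    hits = []
    for first_seen, path in files:
        p = PureWindowsPath(path)
        if str(p.parent).lower() == SYSTEM32 and p.suffix.lower() == ".dll" and p.stem.isalpha() \
                and p.stem.islower() and any(abs((first_seen - d).days) <= window_days for d in anchor_dates):
            hits.append(path)
    return hits


def triage(text):
    """Parse the log; return findings plus a CFScript 'File::' block listing the files to remove."""
    section, key, key_raw = None, "", ""
    runs, files, findings = [], [], []
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif section == "Reg Loading Points":
            m = RUN_RE.match(line)
            if line.startswith("["):
                key_raw = line.strip("[]")
                key = key_raw.lower()
            elif m and key.endswith(r"\run"):
                name, target, resolved, day = m.groups()
                runs.append((name, resolved or target, date.fromisoformat(day)))
            elif "firewallpolicy" in key and line.startswith('"EnableFirewall"= 0'):
                findings.append("Windows Firewall disabled in the standard profile")
            elif "security center" in key and line.startswith('"DisableMonitoring"=dword:00000001'):
                findings.append("Security Center monitoring disabled for " + key_raw.rsplit("\\", 1)[-1])
        elif section == "Find3M Report" or str(section).startswith("Files Created"):
            m = FILE_RE.match(line)
            if m and not m.group(3).startswith("d"):  # skip directory entries
                # Which stamp is modified vs. created is assumed; the earlier one is taken as first seen.
                files.append((min(date.fromisoformat(m.group(1)), date.fromisoformat(m.group(2))), m.group(4)))

    to_remove, anchors = [], []
    for name, path, day in runs:
        reasons = run_entry_reasons(name, path)
        if reasons:
            findings.append(f"Run value {name!r} -> {path}: " + "; ".join(reasons))
            anchors.append(day)
            to_remove.append(path)
    for path in recent_system32_dlls(files, anchors):
        if path not in to_remove:
            findings.append(path + ": random-looking system32 DLL first seen within 2 days of a flagged autostart")
            to_remove.append(path)
    cfscript = "File::\n" + "\n".join(to_remove) + "\n" if to_remove else ""
    return {"findings": findings, "cfscript": cfscript}
```

`triage(SAMPLE_LOG)["cfscript"]` on the constructed excerpt lists the same three DLLs as the CFScript in the reply, in a different order. On a real log, read every flagged path by hand before dragging the script onto ComboFix: `File::` deletes, and the name heuristic will also catch oddly named but legitimate vendor files.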

#4 1sys (Topic Starter, Members, 7 posts)

Posted 16 April 2009 - 09:49 PM

Hey Jat, thanks a lot for your help. I appreciate it.
I kind of knew this proggy is powerful but did not realize that it can mess up the PC to that extent. So, I saved the CFScript.txt and ran it.
Here is the log file created. For future reference, should I attach the file, or do you prefer it this way?

ComboFix 09-04-17.01 - Luan Mersini 04/16/2009 22:37.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2680 [GMT -4:00]
Running from: c:\documents and settings\Luan Mersini\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Luan Mersini\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\nqvgsoft.dll
c:\windows\system32\rabfvcjh.dll
c:\windows\uwuxixibabud.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nqvgsoft.dll
c:\windows\system32\rabfvcjh.dll
c:\windows\uwuxixibabud.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-15 22:35 . 2009-04-15 22:35 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-15 22:35 . 2009-04-17 02:43 1654048 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-15 22:35 . 2009-04-17 02:42 17952 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-15 22:35 . 2009-04-17 02:40 3728 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-15 22:35 . 2009-04-17 02:40 27356 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-15 22:12 . 2009-04-15 22:12 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-14 23:47 . 2009-04-14 23:48 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\ApplicationHistory
2009-04-12 16:59 . 2009-04-12 16:59 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\ImgBurn
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Webroot
2009-04-12 13:15 . 2009-04-12 13:15 -------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-04-12 13:00 . 2009-04-15 20:59 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-04-12 12:53 . 2009-04-12 12:53 -------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-04-12 12:52 . 2009-04-12 12:52 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-12 12:51 . 2007-03-15 20:57 443752 ------w c:\windows\system32\d3dx10_33.dll
2009-04-12 12:51 . 2007-03-12 20:42 1123696 ------w c:\windows\system32\D3DCompiler_33.dll
2009-04-12 12:51 . 2007-03-12 20:42 3495784 ------w c:\windows\system32\d3dx9_33.dll
2009-04-12 12:48 . 2009-04-12 12:48 -------- d-----w c:\windows\system32\URTTEMP
2009-04-10 16:22 . 2009-04-10 16:22 -------- d-----w c:\windows\system32\scripting
2009-04-10 16:22 . 2009-04-10 16:22 -------- d-----w c:\windows\l2schemas
2009-04-10 16:22 . 2009-04-10 16:22 -------- d-----w c:\windows\system32\en
2009-04-09 01:17 . 2009-04-15 19:49 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Move Networks
2009-03-28 15:31 . 2009-01-13 08:58 -------- d-sh--w C:\$RECYCLE.BIN
2009-03-28 07:11 . 2007-03-17 11:41 171136 --sha-r C:\grldr
2009-03-28 02:57 . 2009-03-28 07:13 8192 --s-a-r C:\BOOTSECT.BAK
2009-03-28 02:57 . 2008-09-16 17:54 333203 --sha-r C:\bootmgr
2009-03-28 02:57 . 2009-03-28 07:13 -------- d-sh--w C:\Boot
2009-03-28 02:37 . 2009-03-28 02:37 -------- dc----w c:\windows\system32\DRVSTORE
2009-03-27 14:04 . 2009-03-27 14:04 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\tjnet
2009-03-27 00:47 . 2002-07-31 23:55 108 --sh--w c:\windows\WSYS049.SYS
2009-03-27 00:47 . 2001-09-05 16:28 41 ---h--w c:\windows\trfntw32.cfg
2009-03-27 00:46 . 2006-01-26 23:56 831776 ------w c:\windows\system32\wodFtpDLX.dll
2009-03-27 00:46 . 2003-10-09 19:10 274976 ------w c:\windows\system32\XceedFtp.dll
2009-03-27 00:32 . 1999-03-22 16:29 233472 ------w c:\windows\system32\Ilda32.dll
2009-03-27 00:32 . 1998-06-17 08:00 18944 ------w c:\windows\system32\BORLNDMM.DLL
2009-03-27 00:31 . 2009-03-27 00:40 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\NoteTab Light
2009-03-26 00:56 . 2009-04-16 11:07 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\mjusbsp
2009-03-26 00:55 . 2008-04-13 18:45 60032 ------w c:\windows\system32\drivers\usbaudio.sys
2009-03-26 00:55 . 2008-04-13 18:45 32128 ------w c:\windows\system32\drivers\usbccgp.sys
2009-03-25 23:26 . 2009-03-25 23:26 -------- d-----w c:\documents and settings\All Users\Application Data\Uniblue
2009-03-25 23:24 . 2008-12-22 12:23 20232 ------w c:\windows\system32\AntiSpyNative64.exe
2009-03-25 23:24 . 2008-12-22 12:23 16648 ------w c:\windows\system32\AntiSpyNative32.exe
2009-03-25 02:26 . 2009-03-25 02:26 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\ESET
2009-03-25 00:45 . 2009-03-25 02:14 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Uniblue
2009-03-25 00:42 . 2009-04-11 22:06 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Adobe
2009-03-25 00:42 . 2009-03-25 01:24 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-24 23:51 . 2009-03-24 23:51 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\DAEMON Tools Pro
2009-03-24 23:51 . 2009-03-24 23:51 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\DAEMON Tools
2009-03-24 23:51 . 2009-03-24 23:51 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-24 02:31 . 2008-07-09 09:05 421888 ------w c:\windows\system32\ac3filter.acm
2009-03-23 23:59 . 2009-03-23 23:59 717296 ------w c:\windows\system32\drivers\sptd.sys
2009-03-23 23:59 . 2009-03-25 01:14 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\DAEMON Tools Lite
2009-03-23 21:19 . 2009-03-23 21:19 -------- d-----w c:\windows\system32\drivers\UMDF
2009-03-23 21:19 . 2009-03-23 21:19 -------- d-----w c:\windows\system32\LogFiles
2009-03-23 00:10 . 2007-08-13 22:54 33792 -c----w c:\windows\system32\dllcache\custsat.dll
2009-03-22 22:19 . 2009-03-22 22:19 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-03-21 23:27 . 2009-04-17 02:26 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Vso
2009-03-21 23:27 . 2009-03-21 23:27 47360 ----a-w c:\documents and settings\Luan Mersini\Application Data\pcouffin.sys
2009-03-21 23:27 . 2009-03-21 23:27 47360 ------w c:\windows\system32\drivers\pcouffin.sys
2009-03-21 23:27 . 2006-09-29 15:26 176165 ------w c:\windows\system32\drv23260.dll
2009-03-21 23:27 . 2006-09-29 15:25 208935 ------w c:\windows\system32\drv33260.dll
2009-03-21 23:27 . 2006-09-29 15:24 217127 ------w c:\windows\system32\drv43260.dll
2009-03-21 21:15 . 2009-03-21 21:15 -------- d-sh--w C:\Diskeeper
2009-03-21 20:10 . 2009-03-21 20:10 -------- d-----w c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-03-20 22:36 . 2008-04-14 00:12 33792 ------w c:\windows\system32\mmcperf.exe
2009-03-20 22:18 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-03-20 22:16 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-03-20 22:16 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-03-20 22:16 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-03-20 22:16 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-03-20 22:15 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-03-20 22:15 . 2008-10-03 10:02 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-03-20 22:15 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-03-20 21:59 . 2008-04-27 15:35 180224 ------w c:\windows\system32\xvidvfw.dll
2009-03-20 21:59 . 2008-04-27 15:33 765952 ------w c:\windows\system32\xvidcore.dll
2009-03-20 21:59 . 2007-06-28 23:55 77824 ------w c:\windows\system32\xvid.ax
2009-03-20 21:58 . 2009-03-20 21:58 -------- d-----w C:\MEDIA PLAYER UPDATE
2009-03-20 21:43 . 2001-07-06 05:19 164 ------w c:\windows\avrack.ini
2009-03-20 21:43 . 2004-11-18 00:05 2297664 ------w c:\windows\system32\drivers\ALCXWDM.SYS
2009-03-20 21:43 . 2004-09-07 19:23 156672 ------w c:\windows\system32\RTLCPAPI.dll
2009-03-20 21:43 . 2004-11-15 23:20 77824 ----a-w c:\windows\SOUNDMAN.EXE
2009-03-20 21:43 . 2004-10-27 20:47 40960 ------w c:\windows\system32\ChCfg.exe
2009-03-20 21:43 . 2004-11-17 21:11 9319936 ------w c:\windows\system32\RTLCPL.EXE
2009-03-20 21:43 . 2002-02-05 18:54 141016 ------w c:\windows\system32\ALSNDMGR.WAV
2009-03-20 21:43 . 2004-11-17 21:08 16162816 ------w c:\windows\system32\ALSNDMGR.CPL
2009-03-20 21:43 . 2004-11-05 21:29 208896 ------w c:\windows\alcupd.exe
2009-03-20 21:43 . 2004-09-02 01:04 139264 ------w c:\windows\alcrmv.exe
2009-03-20 03:04 . 2009-03-20 03:04 -------- d-sh--w c:\documents and settings\Luan Mersini\UserData
2009-03-20 02:51 . 2009-03-20 02:51 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Help
2009-03-20 02:43 . 2006-10-27 00:56 32592 ------w c:\windows\system32\msonpmon.dll
2009-03-20 02:41 . 2009-03-20 02:41 -------- d-----w c:\windows\SHELLNEW
2009-03-20 02:41 . 2009-03-20 02:41 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Microsoft Help
2009-03-20 02:40 . 2009-03-20 02:44 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-20 02:40 . 2009-03-20 02:40 -------- d--h--r C:\MSOCache
2009-03-20 01:38 . 2004-08-04 07:56 221184 ------w c:\windows\system32\wmpns.dll
2009-03-20 01:38 . 2009-03-20 01:55 316640 ----a-w c:\windows\WMSysPr9.prx
2009-03-20 01:37 . 2009-04-10 16:22 -------- d-----w c:\windows\peernet
2009-03-20 01:37 . 2009-03-20 01:37 -------- d-----w c:\windows\provisioning
2009-03-20 01:37 . 2009-03-20 01:37 -------- d-----w c:\windows\ServicePackFiles
2009-03-20 01:35 . 2009-04-10 16:11 -------- d-----w c:\windows\EHome
2009-03-20 01:14 . 2009-03-20 01:16 -------- d-----w C:\AUDIO DRIVERS
2009-03-20 01:04 . 2008-04-14 10:42 11264 ------w c:\windows\system32\spnpinst.exe
2009-03-20 01:04 . 2004-08-02 19:20 7208 ------w c:\windows\system32\secupd.sig
2009-03-20 01:04 . 2004-08-02 19:20 4569 ------w c:\windows\system32\secupd.dat
2009-03-20 01:04 . 2002-04-16 02:11 67866 ------w c:\windows\system32\drivers\netwlan5.img
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\windows\system32\AGEIA
2009-03-20 00:48 . 2009-04-17 02:42 212641 ----a-w c:\windows\system32\nvapps.xml
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\windows\nview
2009-03-20 00:48 . 2009-02-18 19:44 453152 ------w c:\windows\system32\nvudisp.exe
2009-03-20 00:48 . 2009-02-18 19:44 19021 ------w c:\windows\system32\nvdisp.nvu
2009-03-20 00:48 . 2009-02-17 04:17 453152 ------w c:\windows\system32\NVUNINST.EXE
2009-03-20 00:47 . 2009-03-20 00:47 -------- d-----w C:\NVIDIA
2009-03-20 00:47 . 2008-04-14 00:11 1082368 ------w c:\windows\system32\esent.dll
2009-03-20 00:45 . 2009-04-15 22:02 46488 ----a-w c:\documents and settings\Luan Mersini\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-20 00:44 . 2009-03-20 00:44 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-20 00:42 . 2009-03-20 00:42 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Downloaded Installations
2009-03-20 00:40 . 2009-04-10 16:22 -------- d-----w c:\windows\system32\bits
2009-03-20 00:39 . 2007-08-11 01:46 26488 ------w c:\windows\system32\spupdsvc.exe
2009-03-20 00:39 . 2009-04-17 00:31 -------- d--h--w c:\windows\$hf_mig$
2009-03-20 00:39 . 2008-04-14 00:12 354304 ------w c:\windows\system32\winhttp.dll
2009-03-20 00:39 . 2008-04-14 00:12 18944 ------w c:\windows\system32\qmgrprxy.dll
2009-03-20 00:39 . 2008-04-14 00:11 8192 ------w c:\windows\system32\bitsprx2.dll
2009-03-20 00:39 . 2008-04-14 00:11 7168 ------w c:\windows\system32\bitsprx3.dll
2009-03-20 00:36 . 2009-03-20 00:36 -------- dc-h--w c:\windows\$MSI30UninstallMSI30-KB884016$
2009-03-20 00:30 . 2008-10-16 19:13 202776 ------w c:\windows\system32\wuweb.dll
2009-03-20 00:30 . 2008-10-16 19:12 323608 ------w c:\windows\system32\wucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 00:29 . 2009-01-13 00:57 158208 ----a-w c:\windows\Ewabefova.dat
2009-04-15 22:35 . 2009-04-15 22:35 -------- d-----w c:\program files\Kaspersky Lab
2009-04-15 21:52 . 2009-04-12 12:54 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-12 12:53 . 2009-04-12 12:53 -------- d-----w c:\program files\SmartSound Software
2009-04-12 12:52 . 2009-03-20 21:43 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-10 16:24 . 2009-03-17 01:24 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-10 16:15 . 2002-08-29 12:00 250048 --sha-r C:\ntldr
2009-03-29 07:00 . 2009-03-29 07:00 -------- d-----w c:\program files\MSXML 4.0
2009-03-27 20:24 . 2009-03-17 02:31 -------- d-----w c:\program files\Java
2009-03-27 00:46 . 2009-03-27 00:46 -------- d-----w c:\program files\CoffeeCup Software
2009-03-25 01:24 . 2009-03-25 00:42 -------- d-----w c:\program files\NOS
2009-03-25 00:46 . 2009-03-25 00:46 -------- d-----w c:\program files\Common Files\Adobe
2009-03-25 00:21 . 2009-03-25 00:21 -------- d-----w c:\program files\Uniblue
2009-03-23 21:20 . 2009-03-23 21:20 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-21 23:27 . 2009-03-21 23:27 -------- d-----w c:\program files\vso
2009-03-21 20:10 . 2009-03-21 20:10 -------- d-----w c:\program files\Common Files\Diskeeper Corporation
2009-03-20 21:59 . 2009-03-20 21:59 -------- d-----w c:\program files\Xvid
2009-03-20 21:43 . 2009-03-20 21:43 -------- d-----w c:\program files\Realtek Sound Manager
2009-03-20 21:43 . 2009-03-20 21:43 -------- d-----w c:\program files\AvRack
2009-03-20 21:43 . 2009-03-20 00:44 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-20 03:05 . 2009-03-20 03:05 -------- d-----w c:\program files\Yahoo!
2009-03-20 02:43 . 2009-03-20 02:43 -------- d-----w c:\program files\Microsoft Works
2009-03-20 02:42 . 2009-03-20 02:42 -------- d-----w c:\program files\Microsoft.NET
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\0KTNZ1B7.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\2GQFZZB1.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\II7F5FDR.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\75BJ1NP3.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\5BZNJF73.DAT
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\program files\AGEIA Technologies
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-17 02:46 . 2009-03-17 02:46 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\ESET
2009-03-17 02:45 . 2009-03-17 02:45 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-17 01:25 . 2009-03-17 01:25 -------- d-----w c:\program files\microsoft frontpage
2009-03-17 01:25 . 2009-03-17 01:25 558142 ----a-w c:\windows\java\Packages\EWRTNLNP.ZIP
2009-03-17 01:25 . 2009-03-17 01:25 155995 ----a-w c:\windows\java\Packages\W69VLBR5.ZIP
2009-03-17 01:23 . 2009-03-17 01:23 21640 ------w c:\windows\system32\emptyregdb.dat
2009-03-09 09:19 . 2009-03-17 02:31 410984 ------w c:\windows\system32\deploytk.dll
2009-02-09 11:13 . 2002-08-29 12:00 1846784 ------w c:\windows\system32\win32k.sys
2002-07-31 23:55 . 2009-03-27 00:47 108 --sh--w c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((( SnapShot_2009-04-15_00.04.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-01 21:42 . 2006-11-01 21:42 94314 c:\windows\system32\klogon.dll
+ 2006-11-15 19:44 . 2006-11-15 19:44 18273 c:\windows\system32\drivers\klop.sys
+ 2009-04-15 22:35 . 2009-04-15 22:35 59536 c:\windows\system32\drivers\klin.sys
+ 2009-04-15 22:35 . 2009-04-15 22:35 61072 c:\windows\system32\drivers\klick.sys
+ 2009-03-15 09:14 . 2009-04-15 22:00 190592 c:\windows\system32\FNTCACHE.DAT
+ 2009-04-15 22:35 . 2009-04-15 22:35 174864 c:\windows\system32\drivers\klif.sys
+ 2006-09-28 18:36 . 2006-09-28 18:36 104448 c:\windows\system32\drivers\kl1.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"cdloader"="c:\documents and settings\Luan Mersini\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2009-02-18 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Slakaqoju"="c:\windows\Ewabefova.dat" [2009-04-17 158208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Luan Mersini\\Application Data\\mjusbsp\\magicJack.exe"=

R2 RoxLiveShare10;LiveShare P2P Server 10; [x]
R2 SessionLauncher;SessionLauncher; [x]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d83df276-19a0-11de-af2f-001ee5d7d30c}]
\Shell\AutoRun\command - I:\autorun.exe
\Shell\phone\command - I:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-03-25 12:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 22:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\KasperskyLab\AVP6\Data]
@DACL=(02 0000)
"UpdateState"=dword:00000040
"LastStart"=dword:49e66209
"InsOsVer"=dword:02050100
"LastError"=dword:00000000
"Completion"=dword:00000000
"StartTime"=dword:ffffffff
"FinishTime"=dword:ffffffff
"ProductState"=dword:00000000
"ProtectionState"=dword:00000044
"KeyState"=dword:00000080
"ThreatsState"=dword:00000000
"ProductStateMask"=hex:00,00,00,00,00,00,00,00
"LastSuccessfulFullScan"=dword:ffffffff
"LastSuccessfulUpdate"=dword:ffffffff
"NextAutoUpdate"=dword:ffffffff
"LastFullScanState"=dword:00000000
"BasesError"=dword:00000000
"LicRenewStatus"=dword:00000002
"KlopKeyCount"=dword:00000000
"LicDaysTillExpiration"=dword:00000000
"LicInvalidReason"=dword:00000000
"LicKeyType"=dword:00000000
"RunningUpdaterURL"=""
"BlockedPort"=""
"Error"=dword:00000000
"TaskMalfunction"=""
"TaskDisabled"=""
"TaskNotRunning"="Web_Monitoring"
"ScanningTask"=""
"bRollbackAllowed"=dword:00000000
"ProductHotfix"=""
"ProductHotfixNew"=""
"AutoModeUpdatePeriod"=dword:00000005
"AutoModeMinutePeriod"=dword:00000078
"RestartTime"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(536)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\diskkeeper\DkService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-17 22:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-17 02:44
ComboFix2.txt 2009-04-15 00:05
ComboFix3.txt 2009-01-14 11:22

Pre-Run: 83,197,489,152 bytes free
Post-Run: 83,337,695,232 bytes free

319 --- E O F --- 2009-04-14 12:00

#5 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:10:57 PM

Posted 17 April 2009 - 05:22 AM

CFScript

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\Ewabefova.dat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Slakaqoju"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Edited by Jat90, 17 April 2009 - 05:23 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

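The two posts above show the whole loop a helper runs through by hand: read the "Reg Loading Points" section of the ComboFix log, spot the one Run value that does not belong (a freshly written .dat file in c:\windows, started under a made-up name), and write a CFScript with a File:: line and a Registry:: line to have ComboFix quarantine the file and delete the value. The script below is an added example that automates that triage; it is not ComboFix's code and not something either poster wrote. The sample lines are copied from the Run keys in the log posted above; the scoring rules (EXEC_EXT, PROGRAM_DIRS, RECENT_DAYS, MIN_REASONS) and the scan date constant are this example's own assumptions, and the CFScript it drafts is meant to be read by a person before it is dragged onto ComboFix.exe.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log and draft a CFScript.

Added example, not part of ComboFix or of the posts in this thread. The sample
lines are copied from the log posted above; the scoring rules and thresholds
(EXEC_EXT, PROGRAM_DIRS, RECENT_DAYS, MIN_REASONS) are this example's own.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample: Run values taken from the log above, trimmed to six entries.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"cdloader"="c:\documents and settings\Luan Mersini\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-02-18 13680640]
"Slakaqoju"="c:\windows\Ewabefova.dat" [2009-04-17 158208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
"""
# Scan date, read off the log header ("ComboFix 09-04-17.01 ... 04/17/2009"); assumption.
SCAN_DATE = date(2009, 4, 17)

EXEC_EXT = {".exe", ".dll", ".com", ".scr", ".cpl", ".ocx"}   # usual autostart payloads
PROGRAM_DIRS = ("c:\\program files", "c:\\windows\\system32")  # where vendors install
RECENT_DAYS = 7      # autostart file written this close to the scan is worth a look
MIN_REASONS = 2      # flags needed before an entry goes into the draft CFScript

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'              # "Name"="data"
    r"(?: - (?P<resolved>.+?))?"                          # optional ' - c:\full\path'
    r" \[(?P<mtime>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"   # trailing [mtime size]
)


@dataclass
class RunEntry:
    key: str      # registry key the value lives under
    name: str     # value name, e.g. Slakaqoju
    path: str     # file the value points to (ComboFix's resolved path if printed)
    mtime: date   # modification date ComboFix printed for that file
    size: int     # size in bytes ComboFix printed for that file


def parse_run_entries(log_text):
    """Return every value ComboFix listed under a key ending in \\Run."""
    entries, key = [], None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            entries.append(RunEntry(
                key=key,
                name=m.group("name"),
                path=m.group("resolved") or m.group("value"),
                mtime=date.fromisoformat(m.group("mtime")),
                size=int(m.group("size")),
            ))
    return entries


def reasons_for(entry, scan_date=SCAN_DATE):
    """Heuristic flags for one autostart; an empty list means nothing odd."""
    path = entry.path.lower()
    ext = ntpath.splitext(path)[1]
    reasons = []
    if ext not in EXEC_EXT:
        reasons.append(f"non-executable extension {ext!r} used as an autostart")
    if not path.startswith(PROGRAM_DIRS):
        reasons.append("autostart outside Program Files / System32")
    if (scan_date - entry.mtime).days <= RECENT_DAYS:
        reasons.append(f"file modified within {RECENT_DAYS} days of the scan")
    return reasons


def draft_cfscript(entries):
    """Render File::/Registry:: directives in the shape used in the thread."""
    if not entries:
        return ""
    lines = ["File::", *sorted({e.path for e in entries}), "", "Registry::"]
    for key in sorted({e.key for e in entries}):
        lines.append(f"[{key}]")
        lines.extend(f'"{e.name}"=-' for e in entries if e.key == key)
    return "\n".join(lines) + "\n"


def triage_log(log_text, scan_date=SCAN_DATE):
    """Map value name -> reasons for every flagged autostart, plus a draft CFScript
    covering the entries with at least MIN_REASONS flags (for a human to review)."""
    entries = parse_run_entries(log_text)
    flagged = {e.name: reasons_for(e, scan_date) for e in entries}
    report = {name: why for name, why in flagged.items() if why}
    to_remove = [e for e in entries if len(flagged[e.name]) >= MIN_REASONS]
    return report, draft_cfscript(to_remove)


if __name__ == "__main__":
    report, script = triage_log(SAMPLE_LOG)
    for name, why in report.items():
        print(f"{name}: {'; '.join(why)}")
    print(script)
```

On the sample, only Slakaqoju collects all three flags and lands in the draft, which comes out identical to the CFScript in the post above; SoundMan and cdloader each get a single "outside Program Files / System32" note, which is the right level for a Realtek tray utility and a magicJack loader in a profile folder: worth a glance, not a removal. The threshold is deliberately a review aid, not a verdict: the page's own evidence for Ewabefova.dat is the second log, where ComboFix reports the file under "Other Deletions" after the script runs.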

#6 1sys

1sys
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 17 April 2009 - 05:54 PM

This is the log file created:



ComboFix 09-04-17.01 - Luan Mersini 04/17/2009 18:47.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2527 [GMT -4:00]
Running from: c:\documents and settings\Luan Mersini\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Luan Mersini\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\Ewabefova.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Ewabefova.dat

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-17 00:30 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 00:30 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 00:30 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 00:30 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 00:30 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 00:30 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 00:30 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 00:30 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 00:30 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 00:29 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 00:29 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 00:29 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 22:35 . 2009-04-15 22:35 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-15 22:35 . 2009-04-17 22:51 2164768 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-15 22:35 . 2009-04-17 22:51 29728 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-15 22:35 . 2009-04-17 02:56 4232 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-15 22:35 . 2009-04-17 02:56 28220 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-15 22:12 . 2009-04-15 22:12 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-14 23:47 . 2009-04-14 23:48 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\ApplicationHistory
2009-04-12 16:59 . 2009-04-12 16:59 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\ImgBurn
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Webroot
2009-04-12 13:15 . 2009-04-12 13:15 -------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-04-12 13:00 . 2009-04-15 20:59 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-04-12 12:53 . 2009-04-12 12:53 -------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-04-12 12:52 . 2009-04-12 12:52 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-12 12:51 . 2007-03-15 20:57 443752 ------w c:\windows\system32\d3dx10_33.dll
2009-04-12 12:51 . 2007-03-12 20:42 1123696 ------w c:\windows\system32\D3DCompiler_33.dll
2009-04-12 12:51 . 2007-03-12 20:42 3495784 ------w c:\windows\system32\d3dx9_33.dll
2009-04-12 12:48 . 2009-04-12 12:48 -------- d-----w c:\windows\system32\URTTEMP
2009-04-10 16:22 . 2009-04-10 16:22 -------- d-----w c:\windows\system32\scripting
2009-04-10 16:22 . 2009-04-10 16:22 -------- d-----w c:\windows\l2schemas
2009-04-10 16:22 . 2009-04-10 16:22 -------- d-----w c:\windows\system32\en
2009-04-09 01:17 . 2009-04-15 19:49 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Move Networks
2009-03-28 15:31 . 2009-01-13 08:58 -------- d-sh--w C:\$RECYCLE.BIN
2009-03-28 07:11 . 2007-03-17 11:41 171136 --sha-r C:\grldr
2009-03-28 02:57 . 2009-03-28 07:13 8192 --s-a-r C:\BOOTSECT.BAK
2009-03-28 02:57 . 2008-09-16 17:54 333203 --sha-r C:\bootmgr
2009-03-28 02:57 . 2009-03-28 07:13 -------- d-sh--w C:\Boot
2009-03-28 02:37 . 2009-03-28 02:37 -------- dc----w c:\windows\system32\DRVSTORE
2009-03-27 14:04 . 2009-03-27 14:04 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\tjnet
2009-03-27 00:47 . 2002-07-31 23:55 108 --sh--w c:\windows\WSYS049.SYS
2009-03-27 00:47 . 2001-09-05 16:28 41 ---h--w c:\windows\trfntw32.cfg
2009-03-27 00:46 . 2006-01-26 23:56 831776 ------w c:\windows\system32\wodFtpDLX.dll
2009-03-27 00:46 . 2003-10-09 19:10 274976 ------w c:\windows\system32\XceedFtp.dll
2009-03-27 00:32 . 1999-03-22 16:29 233472 ------w c:\windows\system32\Ilda32.dll
2009-03-27 00:32 . 1998-06-17 08:00 18944 ------w c:\windows\system32\BORLNDMM.DLL
2009-03-27 00:31 . 2009-03-27 00:40 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\NoteTab Light
2009-03-26 00:56 . 2009-04-17 16:48 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\mjusbsp
2009-03-26 00:55 . 2008-04-13 18:45 60032 ------w c:\windows\system32\drivers\usbaudio.sys
2009-03-26 00:55 . 2008-04-13 18:45 32128 ------w c:\windows\system32\drivers\usbccgp.sys
2009-03-25 23:26 . 2009-03-25 23:26 -------- d-----w c:\documents and settings\All Users\Application Data\Uniblue
2009-03-25 23:24 . 2008-12-22 12:23 20232 ------w c:\windows\system32\AntiSpyNative64.exe
2009-03-25 23:24 . 2008-12-22 12:23 16648 ------w c:\windows\system32\AntiSpyNative32.exe
2009-03-25 02:26 . 2009-03-25 02:26 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\ESET
2009-03-25 00:45 . 2009-03-25 02:14 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Uniblue
2009-03-25 00:42 . 2009-04-11 22:06 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Adobe
2009-03-25 00:42 . 2009-03-25 01:24 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-24 23:51 . 2009-03-24 23:51 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\DAEMON Tools Pro
2009-03-24 23:51 . 2009-03-24 23:51 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\DAEMON Tools
2009-03-24 23:51 . 2009-03-24 23:51 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-24 02:31 . 2008-07-09 09:05 421888 ------w c:\windows\system32\ac3filter.acm
2009-03-23 23:59 . 2009-03-23 23:59 717296 ------w c:\windows\system32\drivers\sptd.sys
2009-03-23 23:59 . 2009-03-25 01:14 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\DAEMON Tools Lite
2009-03-23 21:19 . 2009-03-23 21:19 -------- d-----w c:\windows\system32\drivers\UMDF
2009-03-23 21:19 . 2009-03-23 21:19 -------- d-----w c:\windows\system32\LogFiles
2009-03-23 00:10 . 2007-08-13 22:54 33792 -c----w c:\windows\system32\dllcache\custsat.dll
2009-03-22 22:19 . 2009-03-22 22:19 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-03-21 23:27 . 2009-04-17 02:26 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\Vso
2009-03-21 23:27 . 2009-03-21 23:27 47360 ----a-w c:\documents and settings\Luan Mersini\Application Data\pcouffin.sys
2009-03-21 23:27 . 2009-03-21 23:27 47360 ------w c:\windows\system32\drivers\pcouffin.sys
2009-03-21 23:27 . 2006-09-29 15:26 176165 ------w c:\windows\system32\drv23260.dll
2009-03-21 23:27 . 2006-09-29 15:25 208935 ------w c:\windows\system32\drv33260.dll
2009-03-21 23:27 . 2006-09-29 15:24 217127 ------w c:\windows\system32\drv43260.dll
2009-03-21 21:15 . 2009-03-21 21:15 -------- d-sh--w C:\Diskeeper
2009-03-21 20:10 . 2009-03-21 20:10 -------- d-----w c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 22:36 . 2008-04-14 00:12 33792 ------w c:\windows\system32\mmcperf.exe
2009-03-20 22:18 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-03-20 22:16 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-03-20 22:16 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-03-20 22:16 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-03-20 22:16 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-03-20 22:15 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-03-20 22:15 . 2008-10-03 10:02 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-03-20 22:15 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-03-20 21:59 . 2008-04-27 15:35 180224 ------w c:\windows\system32\xvidvfw.dll
2009-03-20 21:59 . 2008-04-27 15:33 765952 ------w c:\windows\system32\xvidcore.dll
2009-03-20 21:59 . 2007-06-28 23:55 77824 ------w c:\windows\system32\xvid.ax
2009-03-20 21:58 . 2009-03-20 21:58 -------- d-----w C:\MEDIA PLAYER UPDATE
2009-03-20 21:43 . 2001-07-06 05:19 164 ------w c:\windows\avrack.ini
2009-03-20 21:43 . 2004-11-18 00:05 2297664 ------w c:\windows\system32\drivers\ALCXWDM.SYS
2009-03-20 21:43 . 2004-09-07 19:23 156672 ------w c:\windows\system32\RTLCPAPI.dll
2009-03-20 21:43 . 2004-11-15 23:20 77824 ----a-w c:\windows\SOUNDMAN.EXE
2009-03-20 21:43 . 2004-10-27 20:47 40960 ------w c:\windows\system32\ChCfg.exe
2009-03-20 21:43 . 2004-11-17 21:11 9319936 ------w c:\windows\system32\RTLCPL.EXE
2009-03-20 21:43 . 2002-02-05 18:54 141016 ------w c:\windows\system32\ALSNDMGR.WAV
2009-03-20 21:43 . 2004-11-17 21:08 16162816 ------w c:\windows\system32\ALSNDMGR.CPL
2009-03-20 21:43 . 2004-11-05 21:29 208896 ------w c:\windows\alcupd.exe
2009-03-20 21:43 . 2004-09-02 01:04 139264 ------w c:\windows\alcrmv.exe
2009-03-20 03:04 . 2009-03-20 03:04 -------- d-sh--w c:\documents and settings\Luan Mersini\UserData
2009-03-20 02:51 . 2009-03-20 02:51 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Help
2009-03-20 02:43 . 2006-10-27 00:56 32592 ------w c:\windows\system32\msonpmon.dll
2009-03-20 02:41 . 2009-03-20 02:41 -------- d-----w c:\windows\SHELLNEW
2009-03-20 02:41 . 2009-03-20 02:41 -------- d-----w c:\documents and settings\Luan Mersini\Local Settings\Application Data\Microsoft Help
2009-03-20 02:40 . 2009-03-20 02:44 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-20 02:40 . 2009-03-20 02:40 -------- d--h--r C:\MSOCache
2009-03-20 01:38 . 2004-08-04 07:56 221184 ------w c:\windows\system32\wmpns.dll
2009-03-20 01:38 . 2009-03-20 01:55 316640 ----a-w c:\windows\WMSysPr9.prx
2009-03-20 01:37 . 2009-04-10 16:22 -------- d-----w c:\windows\peernet
2009-03-20 01:37 . 2009-03-20 01:37 -------- d-----w c:\windows\provisioning
2009-03-20 01:37 . 2009-03-20 01:37 -------- d-----w c:\windows\ServicePackFiles
2009-03-20 01:35 . 2009-04-10 16:11 -------- d-----w c:\windows\EHome
2009-03-20 01:14 . 2009-03-20 01:16 -------- d-----w C:\AUDIO DRIVERS
2009-03-20 01:04 . 2008-04-14 10:42 11264 ------w c:\windows\system32\spnpinst.exe
2009-03-20 01:04 . 2004-08-02 19:20 7208 ------w c:\windows\system32\secupd.sig
2009-03-20 01:04 . 2004-08-02 19:20 4569 ------w c:\windows\system32\secupd.dat
2009-03-20 01:04 . 2002-04-16 02:11 67866 ------w c:\windows\system32\drivers\netwlan5.img
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\windows\system32\AGEIA
2009-03-20 00:48 . 2009-04-17 13:18 212641 ----a-w c:\windows\system32\nvapps.xml
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\windows\nview
2009-03-20 00:48 . 2009-02-18 19:44 453152 ------w c:\windows\system32\nvudisp.exe
2009-03-20 00:48 . 2009-02-18 19:44 19021 ------w c:\windows\system32\nvdisp.nvu
2009-03-20 00:48 . 2009-02-17 04:17 453152 ------w c:\windows\system32\NVUNINST.EXE
2009-03-20 00:47 . 2009-03-20 00:47 -------- d-----w C:\NVIDIA
2009-03-20 00:47 . 2008-04-14 00:11 1082368 ------w c:\windows\system32\esent.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 22:35 . 2009-04-15 22:35 -------- d-----w c:\program files\Kaspersky Lab
2009-04-15 21:52 . 2009-04-12 12:54 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-12 12:53 . 2009-04-12 12:53 -------- d-----w c:\program files\SmartSound Software
2009-04-12 12:52 . 2009-03-20 21:43 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-10 16:24 . 2009-03-17 01:24 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-10 16:15 . 2002-08-29 12:00 250048 --sha-r C:\ntldr
2009-03-29 07:00 . 2009-03-29 07:00 -------- d-----w c:\program files\MSXML 4.0
2009-03-27 20:24 . 2009-03-17 02:31 -------- d-----w c:\program files\Java
2009-03-27 00:46 . 2009-03-27 00:46 -------- d-----w c:\program files\CoffeeCup Software
2009-03-25 01:24 . 2009-03-25 00:42 -------- d-----w c:\program files\NOS
2009-03-25 00:46 . 2009-03-25 00:46 -------- d-----w c:\program files\Common Files\Adobe
2009-03-25 00:21 . 2009-03-25 00:21 -------- d-----w c:\program files\Uniblue
2009-03-23 21:20 . 2009-03-23 21:20 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-21 23:27 . 2009-03-21 23:27 -------- d-----w c:\program files\vso
2009-03-21 20:10 . 2009-03-21 20:10 -------- d-----w c:\program files\Common Files\Diskeeper Corporation
2009-03-20 21:59 . 2009-03-20 21:59 -------- d-----w c:\program files\Xvid
2009-03-20 21:43 . 2009-03-20 21:43 -------- d-----w c:\program files\Realtek Sound Manager
2009-03-20 21:43 . 2009-03-20 21:43 -------- d-----w c:\program files\AvRack
2009-03-20 21:43 . 2009-03-20 00:44 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-20 03:05 . 2009-03-20 03:05 -------- d-----w c:\program files\Yahoo!
2009-03-20 02:43 . 2009-03-20 02:43 -------- d-----w c:\program files\Microsoft Works
2009-03-20 02:42 . 2009-03-20 02:42 -------- d-----w c:\program files\Microsoft.NET
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\0KTNZ1B7.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\2GQFZZB1.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\II7F5FDR.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\75BJ1NP3.DAT
2009-03-20 01:22 . 2009-03-20 01:22 2678 ----a-w c:\windows\java\Packages\Data\5BZNJF73.DAT
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\program files\AGEIA Technologies
2009-03-20 00:48 . 2009-03-20 00:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-17 02:46 . 2009-03-17 02:46 -------- d-----w c:\documents and settings\Luan Mersini\Application Data\ESET
2009-03-17 02:45 . 2009-03-17 02:45 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-17 01:25 . 2009-03-17 01:25 -------- d-----w c:\program files\microsoft frontpage
2009-03-17 01:25 . 2009-03-17 01:25 558142 ----a-w c:\windows\java\Packages\EWRTNLNP.ZIP
2009-03-17 01:25 . 2009-03-17 01:25 155995 ----a-w c:\windows\java\Packages\W69VLBR5.ZIP
2009-03-17 01:23 . 2009-03-17 01:23 21640 ------w c:\windows\system32\emptyregdb.dat
2009-03-09 09:19 . 2009-03-17 02:31 410984 ------w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2002-08-29 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-06-23 16:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ------w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2002-08-29 12:00 729088 ------w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-07-26 04:31 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2002-08-29 12:00 714752 ------w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2002-08-29 12:00 617472 ------w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2002-08-29 12:00 1846784 ------w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2002-08-29 01:04 2066048 ------w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2002-08-29 12:00 110592 ------w c:\windows\system32\services.exe
2009-02-06 11:08 . 2002-08-29 12:00 2189056 ------w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2002-08-29 12:00 35328 ------w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2002-08-29 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2002-07-31 23:55 . 2009-03-27 00:47 108 --sh--w c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((( SnapShot_2009-04-15_00.04.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-17 13:18 . 2009-04-17 13:18 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat
- 2009-03-20 00:39 . 2007-08-11 01:46 26488 c:\windows\system32\spupdsvc.exe
+ 2009-03-20 00:39 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2005-04-27 15:53 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
+ 2005-04-27 15:53 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2002-08-29 12:00 . 2009-04-14 23:48 63130 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2009-04-17 13:22 63130 c:\windows\system32\perfc009.dat
+ 2006-03-01 19:44 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2006-03-01 19:44 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2006-03-01 19:44 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2006-03-01 19:44 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
- 2007-08-13 22:54 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
- 2009-03-17 01:22 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2009-03-17 01:22 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2006-11-01 21:42 . 2006-11-01 21:42 94314 c:\windows\system32\klogon.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
- 2002-08-29 12:00 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 22:39 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 22:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2002-08-29 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
- 2002-08-29 12:00 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
+ 2002-08-29 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 22:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
- 2007-08-13 22:36 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2006-11-15 19:44 . 2006-11-15 19:44 18273 c:\windows\system32\drivers\klop.sys
+ 2009-04-15 22:35 . 2009-04-15 22:35 59536 c:\windows\system32\drivers\klin.sys
+ 2009-04-15 22:35 . 2009-04-15 22:35 61072 c:\windows\system32\drivers\klick.sys
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2002-08-29 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-03-20 22:17 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-03-20 22:17 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2009-03-23 00:13 . 2008-12-20 23:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-23 00:13 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-03-20 22:17 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-20 22:17 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-23 00:13 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-03-23 00:13 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-08-13 22:39 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 22:39 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 22:39 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 22:39 . 2008-12-19 09:10 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-23 00:13 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-03-23 00:13 . 2008-12-20 23:15 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-07-15 04:34 . 2004-07-15 04:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2664\_PerfCounter.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2664\_mscorsn.dll
+ 2004-07-15 04:32 . 2004-07-15 04:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2664\_CORPerfMonExt.dll
+ 2007-01-15 20:11 . 2007-01-15 20:11 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 23:09 . 2003-02-20 23:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-20 23:09 . 2003-02-20 23:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 04:32 . 2004-07-15 04:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2004-07-15 05:49 . 2004-07-15 05:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-04-17 02:55 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-17 02:55 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-17 02:55 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-17 02:55 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-17 02:55 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-17 02:55 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7c938206\System.Drawing.Design.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_498022a9\CustomMarshalers.dll
+ 2006-12-22 17:02 . 2006-12-22 17:02 6144 c:\windows\system32\mui\0409\mscorees.dll
- 2005-09-23 12:29 . 2005-09-23 12:29 6144 c:\windows\system32\mui\0409\mscorees.dll
- 2009-03-20 00:39 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2009-03-20 00:39 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
- 2002-08-29 12:00 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2009-03-17 01:22 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-03-17 01:22 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-03-17 01:22 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
- 2002-08-29 12:00 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2002-08-29 12:00 . 2009-04-14 23:48 403528 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2009-04-17 13:22 403528 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
- 2002-08-29 12:00 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
- 2002-08-29 12:00 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
- 2005-02-24 17:54 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
+ 2005-02-24 17:54 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2002-08-29 12:00 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2009-03-17 01:22 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2009-03-17 01:22 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-03-17 01:22 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2009-03-17 01:22 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2009-03-17 01:22 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2006-12-22 16:28 . 2006-12-22 16:28 271360 c:\windows\system32\mscoree.dll
+ 2002-08-29 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2002-08-29 12:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2007-08-13 22:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2007-07-11 16:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
- 2002-08-29 12:00 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
+ 2002-08-29 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2002-08-29 12:00 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2002-08-29 12:00 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
+ 2009-03-15 09:14 . 2009-04-15 22:00 190592 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 07:56 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 07:56 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2006-06-09 19:35 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2006-06-09 19:35 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
- 2006-06-09 19:35 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2006-06-09 19:35 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2009-04-15 22:35 . 2009-04-15 22:35 174864 c:\windows\system32\drivers\klif.sys
+ 2006-09-28 18:36 . 2006-09-28 18:36 104448 c:\windows\system32\drivers\kl1.sys
- 2009-03-20 22:17 . 2008-12-20 23:15 826368 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-20 22:17 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2007-08-13 22:54 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 22:54 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 22:44 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 22:44 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 22:44 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 22:44 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-03-20 22:17 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
- 2009-03-20 22:17 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-20 22:17 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
- 2009-03-20 22:17 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-03-20 22:17 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-20 22:17 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-23 00:13 . 2008-12-20 23:15 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-03-23 00:13 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2007-08-13 22:43 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2009-03-23 00:13 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-13 22:39 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-23 00:13 . 2008-12-20 23:15 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-03-23 00:13 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2002-08-29 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
- 2002-08-29 12:00 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 22:39 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 22:39 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 22:39 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 22:39 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2009-03-20 22:17 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2009-03-20 22:17 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2009-03-20 22:17 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2009-03-20 22:17 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-20 22:17 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2009-03-20 22:17 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-13 22:39 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-08-13 22:39 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
- 2002-08-29 12:00 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
+ 2003-02-21 08:42 . 2003-02-21 08:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2664\_msvcr71.dll
+ 2004-07-15 04:25 . 2004-07-15 04:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2664\_mscorjit.dll
+ 2004-07-15 04:24 . 2004-07-15 04:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2664\_fusion.dll
+ 2004-07-15 05:49 . 2004-07-15 05:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2664\_aspnet_isapi.dll
- 2004-07-15 04:33 . 2004-07-15 04:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 04:25 . 2004-07-15 04:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 05:49 . 2004-07-15 05:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-17 02:55 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-17 02:55 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-17 02:55 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-17 02:55 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-17 02:55 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-17 02:55 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_a705cd18\System.Drawing.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_630814b5\System.Drawing.Design.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ef0d5285\CustomMarshalers.dll
- 2006-08-31 01:42 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
+ 2006-08-31 01:42 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2002-08-29 12:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2002-08-29 12:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
+ 2006-06-30 15:28 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2007-08-13 22:54 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2007-02-12 20:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
- 2007-02-12 20:10 . 2007-04-17 09:32 2455488 c:\windows\system32\ieapfltr.dat
- 2009-03-20 22:17 . 2008-12-20 23:15 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-20 22:17 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2009-03-20 22:17 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-03-20 22:17 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-03-20 22:17 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-03-20 22:17 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-03-20 22:17 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-03-20 22:17 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-03-20 22:17 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-20 22:17 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2009-03-23 00:13 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2009-03-23 00:13 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
- 2009-03-23 00:13 . 2007-04-17 09:32 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 04:28 . 2004-07-15 04:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2664\_mscorwks.dll
+ 2004-07-15 04:26 . 2004-07-15 04:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2664\_mscorsvr.dll
+ 2004-07-15 18:29 . 2004-07-15 18:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2664\_mscorlib.dll
+ 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-17 02:55 . 2009-01-17 01:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-17 02:55 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-17 02:55 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2009-03-20 22:17 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-03-20 22:17 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-03-20 22:17 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-03-20 22:17 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-20 22:17 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-03-20 22:17 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-03-20 22:17 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-17 02:53 . 2009-04-17 02:53 4788224 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f92af2ea\System.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ee5ecddf\System.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_bd3a63cb\System.Xml.dll
+ 2009-04-17 02:53 . 2009-04-17 02:54 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_6dc211fa\System.Xml.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4cd45196\System.Windows.Forms.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_00b4de14\System.Windows.Forms.dll
+ 2009-04-17 02:54 . 2009-04-17 02:54 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e19a9892\System.Drawing.dll
+ 2009-04-17 02:54 . 2009-04-17 02:54 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_6d33ca01\System.Design.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_10cda665\System.Design.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_aadf2045\mscorlib.dll
+ 2009-04-17 02:54 . 2009-04-17 02:54 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_195ce2f2\mscorlib.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-04-17 02:53 . 2009-04-17 02:53 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-03-20 01:23 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"cdloader"="c:\documents and settings\Luan Mersini\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2009-02-18 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Luan Mersini\\Application Data\\mjusbsp\\magicJack.exe"=

R2 RoxLiveShare10;LiveShare P2P Server 10; [x]
R2 SessionLauncher;SessionLauncher; [x]

.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-03-25 12:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 18:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\KasperskyLab\AVP6\Data]
@DACL=(02 0000)
"UpdateState"=dword:00000040
"LastStart"=dword:49e66209
"InsOsVer"=dword:02050100
"LastError"=dword:00000000
"Completion"=dword:00000000
"StartTime"=dword:ffffffff
"FinishTime"=dword:ffffffff
"ProductState"=dword:00000000
"ProtectionState"=dword:00000044
"KeyState"=dword:00000080
"ThreatsState"=dword:00000000
"ProductStateMask"=hex:00,00,00,00,00,00,00,00
"LastSuccessfulFullScan"=dword:ffffffff
"LastSuccessfulUpdate"=dword:ffffffff
"NextAutoUpdate"=dword:ffffffff
"LastFullScanState"=dword:00000000
"BasesError"=dword:00000000
"LicRenewStatus"=dword:00000002
"KlopKeyCount"=dword:00000000
"LicDaysTillExpiration"=dword:00000000
"LicInvalidReason"=dword:00000000
"LicKeyType"=dword:00000000
"RunningUpdaterURL"=""
"BlockedPort"=""
"Error"=dword:00000000
"TaskMalfunction"=""
"TaskDisabled"=""
"TaskNotRunning"="Web_Monitoring"
"ScanningTask"=""
"bRollbackAllowed"=dword:00000000
"ProductHotfix"=""
"ProductHotfixNew"=""
"AutoModeUpdatePeriod"=dword:00000005
"AutoModeMinutePeriod"=dword:00000078
"RestartTime"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\klogon.dll
.
Completion time: 2009-04-17 18:53
ComboFix-quarantined-files.txt 2009-04-17 22:53
ComboFix2.txt 2009-04-17 02:44
ComboFix3.txt 2009-04-15 00:05
ComboFix4.txt 2009-01-14 11:22

Pre-Run: 82,932,920,320 bytes free
Post-Run: 83,035,045,888 bytes free

558 --- E O F --- 2009-04-17 02:56

#7 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom
  • Local time:10:57 PM

Posted 18 April 2009 - 06:17 AM

Hello,

How is your pc now?

ESET Online Scan

Please go to the Eset website to perform an online scan. Please use Internet Explorer, as it uses ActiveX.
  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX control. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#8 1sys (Topic Starter, Members, 7 posts)

Posted 18 April 2009 - 05:59 PM

Hey Jat, I ran both the ESET online scan, like you recommended, and I ran my own Kaspersky.
This is what Kaspersky identified as trojans and adware/malware:

C:\Qoobox\Quarantine\C\WINDOWS\system32\cgxtovur.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\cnhtjyrc.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\lgaxinnd.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\piscajnc.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\pudibb.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\ubgrwbtv.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\ykpwnwuv.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\ynhvby.dll.vir
C:\DOCUME~1\LUANME~1\LOCALS~1\Temp\NODEA2B.tmp

And the text below is what ESET Online found:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4019 (20090418)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9d48714b7ecc244eadd5657d7a820ee6
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-04-18 10:53:39
# local_time=2009-04-18 06:53:39 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=507698
# found=3
# scan_time=9281
C:\Qoobox\Quarantine\C\WINDOWS\system32\nqvgsoft.dll.vir Win32/Adware.SuperJuan.A application DF5216EBE8841CC5A529D2AA8D1FB7BA
C:\Qoobox\Quarantine\C\WINDOWS\system32\XbIPqBeg.ini.vir Win32/Adware.Virtumonde.NEO~datafile application 068933681CFFC3E972C2307F8B32FF1D
C:\Qoobox\Quarantine\C\WINDOWS\system32\XbIPqBeg.ini2.vir Win32/Adware.Virtumonde.NEO~datafile application 0A9760D24DEBF0755F428E07BBD113B9
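
Added example (not part of this thread, and not ESET's or ComboFix's own code): a small Python triage script for ESET Online Scanner logs laid out like the one above. It parses the "# key=value" header and each detection line (path, detection name, object type, MD5) and splits hits under ComboFix's C:\Qoobox\Quarantine folder, which are already neutralised copies, from hits at live paths that would still need action. It also checks that the "# found=" count matches the number of detection lines. The embedded sample log is constructed from the three detections posted above; the extra "live" line (C:\Documents and Settings\user\Local Settings\Temp\example.tmp, detection Win32/Example.A, zero MD5) is invented for illustration. The line format is assumed from what is visible in the post only.

```python
"""Triage an ESET Online Scanner log: which hits are live, which are already quarantined.

Assumed layout (from the log posted in the thread):
  "# key=value" header lines, then one "<path> <detection> <kind> <MD5>" line per hit.
"""
import re
from dataclasses import dataclass

# Constructed sample: a header subset plus the three detection lines from the post.
SAMPLE_LOG = r"""
# version=4
# end=finished
# remove_checked=false
# unwanted_checked=true
# osver=5.1.2600 NT Service Pack 3
# scanned=507698
# found=3
# scan_time=9281
C:\Qoobox\Quarantine\C\WINDOWS\system32\nqvgsoft.dll.vir Win32/Adware.SuperJuan.A application DF5216EBE8841CC5A529D2AA8D1FB7BA
C:\Qoobox\Quarantine\C\WINDOWS\system32\XbIPqBeg.ini.vir Win32/Adware.Virtumonde.NEO~datafile application 068933681CFFC3E972C2307F8B32FF1D
C:\Qoobox\Quarantine\C\WINDOWS\system32\XbIPqBeg.ini2.vir Win32/Adware.Virtumonde.NEO~datafile application 0A9760D24DEBF0755F428E07BBD113B9
"""

# Hypothetical extra line (invented, not from the post): a hit outside quarantine,
# with a path containing spaces so the parser's path handling is exercised.
LIVE_HIT = (r"C:\Documents and Settings\user\Local Settings\Temp\example.tmp "
            r"Win32/Example.A application 00000000000000000000000000000000" + "\n")

HEADER_RE = re.compile(r"^#\s*(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")
# Path may contain spaces, so match it lazily and anchor on the three trailing fields.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<name>\S+)\s+(?P<kind>\S+)\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# ComboFix's quarantine folder; files there are renamed with a .vir suffix.
QUARANTINE_RE = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\", re.IGNORECASE)


@dataclass
class Detection:
    path: str
    name: str
    kind: str
    md5: str

    @property
    def quarantined(self) -> bool:
        """True when the hit is a copy already sitting in ComboFix's quarantine."""
        return bool(QUARANTINE_RE.match(self.path))


def parse_log(text: str):
    """Return (header dict, list of Detection) for one scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("value")
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
    return header, detections


def triage(text: str) -> dict:
    """Split detections into quarantined vs live and sanity-check the header count."""
    header, detections = parse_log(text)
    found = int(header.get("found", "0"))
    return {
        "found": found,
        "consistent": found == len(detections),   # header count matches parsed lines
        "remove_checked": header.get("remove_checked") == "true",
        "quarantined": [d for d in detections if d.quarantined],
        "live": [d for d in detections if not d.quarantined],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"found={result['found']} consistent={result['consistent']}")
    for d in result["quarantined"]:
        print("quarantined:", d.path, d.name)
    for d in result["live"]:
        print("LIVE:       ", d.path, d.name)
```

Run against the posted log the script reports three hits, all quarantined and no live ones, which is exactly the "you are clean" conclusion drawn in the next reply; append a hit at a normal path and it surfaces under LIVE and the found-count check flags the mismatch.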

#9 Jat90 (Members, 1,515 posts, Location: United Kingdom)

Posted 19 April 2009 - 06:00 AM

Hello,

All files located in Qoobox are part of ComboFix's quarantine. You are clean, just a few things you should do:

ATF Cleaner

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".


Congratulations, you are now clean!

We should tidy up our mess though.

Uninstall ComboFix
  • Go to Start, then click Run
  • In the box, type: Combofix /u
  • Press Enter or click ok, and ComboFix will uninstall. Refer to the picture below if unsure.



Take a read of this excellent tutorial:

Simple and easy ways to keep your computer safe and secure on the Internet


Disable and Enable System Restore.

You should disable and re-enable system restore to make sure there are no infected files found in a restore point. You should now create a new restore point, since your system is clean.

You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide

Visit Microsoft's Windows Update Site Frequently
  • It is important that you visit http://www.windowsupdate.com regularly.
  • This will ensure your computer has always the latest security updates available installed on your computer.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
System still slow?

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Next, I would recommend the download and installation of some (I would say two is enough) of the following programs:

Spybot© - Search and Destroy
  • This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
  • You should also scan your computer with the program on a regular basis, just as you would with anti-virus software.
SUPERAntiSpyware
  • You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
  • Each antispyware product has different detection rates for different infections, using different products therefore increases your chances of finding and killing most malware.
MalwareBytes' Anti-Malware
  • Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect.
  • Ability to perform full scans for all drives.
  • The "Quick Scan" option lets the user scan the computer quickly checking for the most damaging threats and completing in usually under 10 minutes.
Javacools© SpywareBlaster
  • SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, which will protect you from running and downloading known malicious programs.
Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

Glad I could Help :)
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#10 1sys (Topic Starter, Members, 7 posts)

Posted 19 April 2009 - 09:03 PM

Thanks Jat, I appreciate it.

#11 Jat90 (Members, 1,515 posts, Location: United Kingdom)

Posted 20 April 2009 - 05:33 AM

No Problem.

Since the problem appears to be resolved, this topic is now Closed. Glad I could help.
If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
