Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm Infected with 'Your computer is infected' taskbar malware


  • This topic is locked This topic is locked
13 replies to this topic

#1 capurnicus

capurnicus

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 02 September 2009 - 05:53 AM

Hi!

I seem to have been infected with some particularly vicious malware.. :(

I get a red bubble with a white 'x' on my taksbar. The message 'your computer is infected! WIndows has detected a spyware infection! Click here to protect your computer with spyware!'

Anti - Vir is going nuts over it (It keeps on picking up trojans and worms) Malwarebytes' Anti-Malware can't get rid of it, and neither can spybot. It has turned off Windows firewall and won't let me turn it back on.

I use Windows XP, have automatic updates turned on, am running SP2 and update Antivir, Spybot and Malwarebytes' Anti-Malware regularly.

It won't let me run ad-aware or spybot. :)

If you require any further information, let me know!

Many thanks in advance for any help you can give me :(

Rob







DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 11:14:16.37 on 02/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.453 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\sys32_nov.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\admin\sys32_nov.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [sys32_nov] c:\documents and settings\admin\sys32_nov.exe
uRun: [braviax]
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sys32_nov] c:\windows\system32\sys32_nov.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall-beta.trendmicro.com/housecall/xscan60.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208780626295
DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208780611342
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: cru629.dat
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\e7akn3az.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\e7akn3az.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayAccessService.dll
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\e7akn3az.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayFormSubmitObserver.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-8 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-10 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-10 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-10 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-8 55656]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2007-5-15 41600]
R3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [2006-7-25 357568]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2007-5-15 55552]
S0 aijgc;aijgc;c:\windows\system32\drivers\wzin.sys --> c:\windows\system32\drivers\wzin.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2005-2-11 152576]

=============== Created Last 30 ================

2009-09-02 08:28 140 a------- c:\documents and settings\admin\delself.bat
2009-09-02 08:26 11,264 a------- c:\windows\braviax.exe
2009-09-02 08:26 6,144 a------- c:\windows\system32\cru629.dat
2009-09-02 08:26 6,144 a------- c:\windows\cru629.dat
2009-09-01 23:31 <DIR> --d----- c:\windows\system32\XPSViewer
2009-09-01 23:30 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-01 23:30 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-01 23:30 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-01 23:30 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-09-01 23:30 117,760 -------- c:\windows\system32\prntvpt.dll
2009-09-01 23:30 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-09-01 23:30 <DIR> --d----- C:\0cfe553a257d0a6087923642eb
2009-09-01 23:30 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-09-01 23:30 <DIR> --d----- c:\windows\SxsCaPendDel
2009-09-01 23:26 <DIR> --d----- c:\program files\MSXML 6.0
2009-09-01 23:13 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-09-01 23:08 11,264 a------- c:\windows\system32\braviax.exe
2009-09-01 22:57 <DIR> a-dshr-- C:\cmdcons
2009-09-01 22:54 229,376 a------- c:\windows\PEV.exe
2009-09-01 22:05 <DIR> --d----- c:\windows\ERUNT
2009-09-01 17:45 94,016 ac------ c:\windows\system32\dllcache\agp440.sys
2009-09-01 17:44 29,216 a------- c:\windows\system32\sys32_nov.exe
2009-09-01 17:44 29,216 a------- c:\documents and settings\admin\sys32_nov.exe
2009-08-19 13:11 <DIR> --d----- c:\program files\iPod
2009-08-19 13:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-19 13:11 <DIR> --d----- c:\program files\iTunes
2009-08-13 05:46 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 05:40 655,872 -c------ c:\windows\system32\dllcache\mstscax.dll
2009-08-12 05:36 203,264 a------- c:\windows\system32\Go your own way.scr
2009-08-12 05:36 <DIR> --d----- c:\windows\system32\Go your own way dir
2009-08-10 14:55 242,176 a------- c:\windows\system32\sdra64.exe.vir
2009-08-07 18:03 <DIR> --d----- c:\program files\Dl_cats
2009-08-07 18:01 65,536 a------- c:\windows\system32\dlcgcfg.dll
2009-08-07 18:01 7,780 a------- c:\windows\system32\LexFiles.ulf
2009-08-07 18:01 <DIR> --d----- c:\program files\Dell AIO 810
2009-08-07 18:01 <DIR> --d----- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2009-08-07 18:00 <DIR> --d----- C:\drivers
2009-08-07 17:05 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-08-07 17:05 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-08-05 10:11 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-09-02 08:28 94,016 a------- c:\windows\system32\drivers\agp440.sys
2009-08-05 21:31 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 10:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 19:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-07-09 12:16 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-07-08 15:23 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-08 15:22 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-03 18:09 915,456 -------- c:\windows\system32\wininet.dll
2009-06-29 17:12 78,336 -------- c:\windows\system32\ieencode.dll
2009-06-25 19:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 19:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 19:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 19:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 19:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 19:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 19:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 19:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 19:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 19:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 19:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 19:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 09:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 09:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 09:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 09:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 09:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 09:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-22 12:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 12:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 12:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-16 15:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 12:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 12:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 15:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 07:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 08:42 655,872 a------- c:\windows\system32\mstscax.dll
2005-06-27 12:37 21 a------- c:\program files\AVPersonalAVWIN.INI

============= FINISH: 11:14:57.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:13 PM

Posted 17 September 2009 - 02:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 capurnicus

capurnicus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 17 September 2009 - 02:53 PM

Hi Schruaber, many thanks for you reply :(

Here's a new DDS log as requested..

Rob


DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 21:00:55.21 on 17/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.435 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\sys32_nov.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\admin\sys32_nov.exe
C:\Documents and Settings\admin\sys32_nov.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [sys32_nov] c:\documents and settings\admin\sys32_nov.exe
uRun: [braviax]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sys32_nov] c:\windows\system32\sys32_nov.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall-beta.trendmicro.com/housecall/xscan60.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208780626295
DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208780611342
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: cru629.dat
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\e7akn3az.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\e7akn3az.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayAccessService.dll
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\e7akn3az.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayFormSubmitObserver.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-8 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-10 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-10 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-10 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-8 55656]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2007-5-15 41600]
R3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [2006-7-25 357568]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2007-5-15 55552]
S0 aijgc;aijgc;c:\windows\system32\drivers\wzin.sys --> c:\windows\system32\drivers\wzin.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2005-2-11 152576]

=============== Created Last 30 ================

2009-09-09 16:18 11,264 a------- c:\windows\system32\braviax.exe
2009-09-09 16:18 11,264 a------- c:\windows\braviax.exe
2009-09-09 16:18 6,144 a------- c:\windows\system32\cru629.dat
2009-09-09 16:18 6,144 a------- c:\windows\cru629.dat
2009-09-08 14:32 29,184 ac------ c:\windows\system32\dllcache\beep.sys
2009-09-08 14:32 29,184 a------- c:\windows\system32\drivers\beep.sys
2009-09-06 05:51 25,011 a------- c:\windows\system32\wisdstr.exe
2009-09-03 10:04 142 a------- c:\documents and settings\admin\delself.bat
2009-09-01 23:31 <DIR> --d----- c:\windows\system32\XPSViewer
2009-09-01 23:30 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-01 23:30 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-01 23:30 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-01 23:30 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-09-01 23:30 117,760 -------- c:\windows\system32\prntvpt.dll
2009-09-01 23:30 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-09-01 23:30 <DIR> --d----- C:\0cfe553a257d0a6087923642eb
2009-09-01 23:30 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-09-01 23:30 <DIR> --d----- c:\windows\SxsCaPendDel
2009-09-01 23:26 <DIR> --d----- c:\program files\MSXML 6.0
2009-09-01 23:13 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-09-01 22:57 <DIR> a-dshr-- C:\cmdcons
2009-09-01 22:54 229,376 a------- c:\windows\PEV.exe
2009-09-01 22:05 <DIR> --d----- c:\windows\ERUNT
2009-09-01 17:44 29,216 a------- c:\windows\system32\sys32_nov.exe
2009-09-01 17:44 29,216 a------- c:\documents and settings\admin\sys32_nov.exe
2009-08-19 13:11 <DIR> --d----- c:\program files\iPod
2009-08-19 13:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-19 13:11 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-08-12 05:36 203,264 a------- c:\windows\system32\Go your own way.scr
2009-08-10 14:55 242,176 a------- c:\windows\system32\sdra64.exe.vir
2009-08-05 21:31 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 10:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 19:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-07-08 15:23 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-03 18:09 915,456 -------- c:\windows\system32\wininet.dll
2009-06-29 17:12 78,336 -------- c:\windows\system32\ieencode.dll
2009-06-25 19:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 19:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 19:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 19:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 19:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 19:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 19:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 19:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 19:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 19:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 19:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 19:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 09:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 09:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 09:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 09:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 09:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 09:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-22 12:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 12:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 12:49 4,608 a------- c:\windows\system32\mqsvc.exe
2005-06-27 12:37 21 a------- c:\program files\AVPersonalAVWIN.INI

============= FINISH: 21:02:11.54 ===============

#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:13 PM

Posted 17 September 2009 - 07:54 PM

Hi capurnicus,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, I will be helping you to deal with your Malware problems today.

Due to the warning from the developer of combofix, this tool should not run by oneself for being unsupervised. Sometimes, it will result into an unbootable machine.
Are you aware of the following file? Please specify that info in your next reply.

c:\windows\system32\Go your own way.scr

If you have no idea about this file, please go toJotti's Scan or Virus Total for scanning one suspicious file.
Copy /paste the below files path into the text box next to the Browse button at the top of the page

c:\windows\system32\Go your own way.scr
Click the Submit or Send File button and copy "Scanner results", and paste the contents into your next reply. After that, please do the following:



Step1

Please disable Spybot S&D's protection,or it will interfere.
  • You can enable it after you're clean.
  • Open Spybot and click on 'Mode' and check 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
  • Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Click the 'Allow Change' box.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
  • If it is, right click it and choose 'exit Spybot-S&D Resident'.
  • Restart the computer.
  • If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:
  • http://www.russelltexas.com/malware/teatimer.htm
Step2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: CombFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
c:\documents and settings\admin\sys32_nov.exe
c:\windows\system32\drivers\wzin.sys 
c:\windows\system32\sys32_nov.exe
c:\windows\system32\braviax.exe
c:\windows\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\cru629.dat
c:\windows\system32\wisdstr.exe
c:\windows\system32\sdra64.exe.vir

Driver::
aijgc

DDS::
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [sys32_nov] c:\documents and settings\admin\sys32_nov.exe
uRun: [braviax] 
mRun: [sys32_nov] c:\windows\system32\sys32_nov.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
AppInit_DLLs: cru629.dat


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

If you have problem to run ComboFix, please delete that copy and redownload it again. Rename the ComboFix.exe to capurnicus.exe before saving it to your desktop.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<info.txt (<
In your next reply, please post back:


1.ComboFix log
2.Jotti's Scanner Results
3.RSIT log.txt and info.txt. Thanks.

Edited by sundavis, 17 September 2009 - 07:59 PM.


#5 capurnicus

capurnicus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 18 September 2009 - 05:18 AM

Hi Sundavi, many thanks for your reply :(


The file c:\windows\system32\Go your own way.scr is a Triumph motorcycle screensaver :(

Please note when running RSIT only one log was created - log.txt (see below)


Here is the Combofix log:


ComboFix 09-09-17.04 - admin 18/09/2009 10:50.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.539 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\capurnicus.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\admin\sys32_nov.exe"
"c:\windows\braviax.exe"
"c:\windows\cru629.dat"
"c:\windows\system32\braviax.exe"
"c:\windows\system32\cru629.dat"
"c:\windows\system32\drivers\wzin.sys"
"c:\windows\system32\sdra64.exe.vir"
"c:\windows\system32\sys32_nov.exe"
"c:\windows\system32\wisdstr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\admin\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe
c:\documents and settings\admin\delself.bat
c:\documents and settings\admin\sys32_nov.exe
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\sdra64.exe.vir
c:\windows\system32\sys32_nov.exe
c:\windows\system32\wisdstr.exe

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211875.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_aijgc


((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-18 09:46 . 2009-09-18 09:46 -------- d-----w- C:\rsit
2009-09-08 13:32 . 2009-09-08 13:30 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-09-08 13:32 . 2008-08-07 14:27 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-09-01 22:31 . 2009-09-01 22:31 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-01 22:31 . 2009-09-01 22:31 -------- d-----w- c:\program files\MSBuild
2009-09-01 22:31 . 2009-09-01 22:31 -------- d-----w- c:\program files\Reference Assemblies
2009-09-01 22:30 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-01 22:30 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-01 22:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-01 22:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-01 22:30 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-01 22:30 . 2009-09-01 22:31 -------- d-----w- C:\0cfe553a257d0a6087923642eb
2009-09-01 22:30 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-01 22:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-01 22:30 . 2009-09-02 07:26 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-01 22:26 . 2009-09-01 22:26 -------- d-----w- c:\program files\MSXML 6.0
2009-09-01 21:05 . 2009-09-01 21:05 -------- d-----w- c:\windows\ERUNT
2009-09-01 21:00 . 2009-09-01 21:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-01 21:00 . 2009-09-01 21:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-08-19 12:11 . 2009-08-19 12:11 -------- d-----w- c:\program files\iPod
2009-08-19 12:11 . 2009-08-19 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-19 12:11 . 2009-08-19 12:12 -------- d-----w- c:\program files\iTunes
2009-08-19 12:08 . 2009-08-19 12:09 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 19:54 . 2007-09-17 14:38 -------- d-----w- c:\documents and settings\admin\Application Data\Skype
2009-09-12 18:27 . 2007-09-03 06:20 -------- d-----w- c:\documents and settings\admin\Application Data\BitTorrent
2009-09-12 11:20 . 2006-08-25 20:44 -------- d-----w- c:\program files\PowerArchiver
2009-09-06 04:50 . 2009-08-07 17:03 -------- d-----w- c:\program files\Dl_cats
2009-09-02 07:28 . 2007-04-25 13:37 46520 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 11:39 . 2008-05-20 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-19 12:11 . 2008-05-20 17:54 -------- d-----w- c:\program files\Common Files\Apple
2009-08-19 12:09 . 2008-05-20 18:01 -------- d-----w- c:\program files\Bonjour
2009-08-12 04:36 . 2009-08-12 04:36 203264 ----a-w- c:\windows\system32\Go your own way.scr
2009-08-11 19:15 . 2007-07-08 17:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-08 13:25 . 2009-08-07 17:01 -------- d-----w- c:\program files\Dell AIO 810
2009-08-05 20:31 . 2009-07-08 14:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:11 . 2005-02-11 13:33 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 09:08 . 2004-09-22 18:46 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 11:16 . 2009-03-16 18:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 11:16 . 2008-05-20 17:55 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-08 14:23 . 2009-07-08 15:59 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-08 14:22 . 2009-07-08 13:59 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 17:09 . 2004-01-08 15:23 915456 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-06-29 16:12 78336 ------w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2001-08-23 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2001-08-23 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2001-08-23 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2001-08-23 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2001-08-23 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2001-08-23 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2001-08-23 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2001-08-23 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2001-08-23 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2001-08-23 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2001-08-23 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2001-08-23 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2001-08-23 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2001-08-23 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2001-08-23 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2001-08-23 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2001-08-23 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2001-08-23 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2001-08-23 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2001-08-23 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2001-08-23 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2001-08-23 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2005-06-27 11:37 . 2005-03-22 13:23 21 ----a-w- c:\program files\AVPersonalAVWIN.INI
.

((((((((((((((((((((((((((((( SnapShot@2009-09-01_22.08.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-13 11:31 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-29 20:10 . 2008-07-29 20:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2009-09-01 22:31 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2008-07-29 18:59 . 2008-07-29 18:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2001-08-23 12:00 . 2009-09-01 22:36 72446 c:\windows\system32\perfc009.dat
+ 2008-07-25 10:17 . 2008-07-25 10:17 15360 c:\windows\system32\mui\0409\mscorees.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2007-05-08 16:08 . 2007-05-08 16:08 86728 c:\windows\system32\msxml6r.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 83968 c:\windows\system32\mscories.dll
+ 2008-07-29 18:24 . 2008-07-29 18:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 18:24 . 2008-07-29 18:24 11264 c:\windows\system32\icardres.dll
+ 2008-07-29 20:10 . 2008-07-29 20:10 73720 c:\windows\system32\dxva2.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 96760 c:\windows\system32\dfshim.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 96760 c:\windows\system32\dfshim.dll
+ 2008-07-29 22:40 . 2008-07-29 22:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-29 22:40 . 2008-07-29 22:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-29 22:40 . 2008-07-29 22:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-29 22:40 . 2008-07-29 22:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 22:40 . 2008-07-29 22:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 22:40 . 2008-07-29 22:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 22:40 . 2008-07-29 22:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 22:40 . 2008-07-29 22:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 22:40 . 2008-07-29 22:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 20:10 . 2008-07-29 20:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 18:59 . 2008-07-29 18:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 20:10 . 2008-07-29 20:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 18:32 . 2008-07-29 18:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 18:16 . 2008-07-29 18:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 18:16 . 2008-07-29 18:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 18:16 . 2008-07-29 18:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 18:16 . 2008-07-29 18:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 10:17 . 2008-07-25 10:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 10:17 . 2008-07-25 10:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-29 20:07 . 2008-07-29 20:07 23040 c:\windows\Installer\160a35.msp
+ 2009-09-01 22:29 . 2009-09-01 22:29 88576 c:\windows\Installer\11e8ff.msi
+ 2009-09-01 22:30 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-09-02 07:33 . 2009-09-02 07:33 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-09-02 07:30 . 2009-09-02 07:30 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-09-02 07:29 . 2009-09-02 07:29 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-09-02 07:38 . 2009-09-02 07:38 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-09-01 22:33 . 2009-09-01 22:33 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-09-01 22:33 . 2009-09-01 22:33 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-09-01 22:33 . 2009-09-01 22:33 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-09-01 22:33 . 2009-09-01 22:33 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-09-01 22:33 . 2009-09-01 22:33 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-09-01 22:31 . 2009-09-01 22:31 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-07-29 22:40 . 2008-07-29 22:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2007-10-24 00:47 . 2007-10-24 00:47 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2009-09-01 22:32 . 2009-09-01 22:32 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-05-23 11:58 . 2008-05-23 11:58 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 01:19 . 2007-11-07 01:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 01:19 . 2007-11-07 01:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 20:23 . 2007-11-06 20:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-29 20:26 . 2008-07-29 20:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2006-10-24 11:30 . 2006-10-24 11:30 276992 c:\windows\system32\WMPhoto.dll
+ 2006-10-24 11:29 . 2006-10-24 11:29 352256 c:\windows\system32\WindowsCodecsExt.dll
+ 2006-10-24 11:30 . 2006-10-24 11:30 716288 c:\windows\system32\WindowsCodecs.dll
+ 2008-07-29 18:59 . 2008-07-29 18:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2009-09-01 22:31 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2009-09-01 22:31 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2009-09-01 22:31 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2009-09-01 22:31 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2009-09-01 22:31 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2009-09-01 22:30 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2005-02-16 19:46 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2005-02-16 19:46 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2005-02-16 19:46 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-09-01 22:30 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-09-01 22:30 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 15:15 . 2006-08-24 15:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2008-07-29 18:59 . 2008-07-29 18:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-29 19:35 . 2008-07-29 19:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 18:59 . 2008-07-29 18:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-24 11:30 . 2006-10-24 11:30 412160 c:\windows\system32\photometadatahandler.dll
+ 2001-08-23 12:00 . 2009-09-01 22:36 443942 c:\windows\system32\perfh009.dat
+ 2008-07-25 10:16 . 2008-07-25 10:16 158720 c:\windows\system32\mscorier.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 158720 c:\windows\system32\mscorier.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 282112 c:\windows\system32\mscoree.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 282112 c:\windows\system32\mscoree.dll
+ 2008-07-29 18:24 . 2008-07-29 18:24 622080 c:\windows\system32\icardagt.exe
+ 2008-07-29 20:10 . 2008-07-29 20:10 493048 c:\windows\system32\evr.dll
+ 2008-07-29 22:40 . 2008-07-29 22:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-29 22:40 . 2008-07-29 22:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 17:47 . 2008-07-29 17:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 17:47 . 2008-07-29 17:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-29 22:15 . 2008-07-29 22:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-29 22:40 . 2008-07-29 22:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-29 22:40 . 2008-07-29 22:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-29 19:35 . 2008-07-29 19:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-29 18:59 . 2008-07-29 18:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-29 20:10 . 2008-07-29 20:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-29 18:16 . 2008-07-29 18:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 18:16 . 2008-07-29 18:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 18:16 . 2008-07-29 18:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 18:16 . 2008-07-29 18:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 18:16 . 2008-07-29 18:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 18:16 . 2008-07-29 18:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 18:16 . 2008-07-29 18:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 18:24 . 2008-07-29 18:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 18:16 . 2008-07-29 18:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 03:59 . 2008-11-25 03:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-10-24 00:47 . 2007-10-24 00:47 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-12-13 08:58 . 2008-12-13 08:58 754688 c:\windows\Installer\1749c2.msp
+ 2009-09-01 22:33 . 2009-09-01 22:33 648192 c:\windows\Installer\17499f.msi
+ 2008-07-29 20:23 . 2008-07-29 20:23 250880 c:\windows\Installer\160a3e.msp
+ 2008-07-29 20:28 . 2008-07-29 20:28 278016 c:\windows\Installer\160a3c.msp
+ 2008-07-29 18:40 . 2008-07-29 18:40 291840 c:\windows\Installer\160a3a.msp
+ 2009-09-01 22:32 . 2009-09-01 22:32 137728 c:\windows\Installer\160a34.msi
+ 2008-07-29 16:35 . 2008-07-29 16:35 553472 c:\windows\Installer\11e904.msp
+ 2008-07-29 16:33 . 2008-07-29 16:33 506368 c:\windows\Installer\11e902.msp
+ 2008-07-29 16:37 . 2008-07-29 16:37 911360 c:\windows\Installer\11e901.msp
+ 2009-09-01 22:26 . 2009-09-01 22:26 871424 c:\windows\Installer\11e852.msi
+ 2009-09-01 22:30 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2009-09-01 22:30 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-09-01 22:30 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2009-09-01 22:30 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-09-01 22:30 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-09-02 07:33 . 2009-09-02 07:33 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-09-02 07:33 . 2009-09-02 07:33 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-09-02 07:33 . 2009-09-02 07:33 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-09-02 07:42 . 2009-09-02 07:42 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-09-02 07:36 . 2009-09-02 07:36 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-09-02 07:36 . 2009-09-02 07:36 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-09-02 07:32 . 2009-09-02 07:32 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-09-02 07:38 . 2009-09-02 07:38 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-09-02 07:31 . 2009-09-02 07:31 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-09-02 07:31 . 2009-09-02 07:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-09-02 07:31 . 2009-09-02 07:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-09-02 07:31 . 2009-09-02 07:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-09-02 07:38 . 2009-09-02 07:38 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-09-02 07:37 . 2009-09-02 07:37 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-09-02 07:38 . 2009-09-02 07:38 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-09-01 22:33 . 2009-09-01 22:33 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-09-01 22:33 . 2009-09-01 22:33 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-09-01 22:37 . 2009-09-01 22:37 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-09-01 22:33 . 2009-09-01 22:33 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-09-01 22:37 . 2009-09-01 22:37 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-09-01 22:33 . 2009-09-01 22:33 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-09-01 22:33 . 2009-09-01 22:33 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-09-01 22:37 . 2009-09-01 22:37 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-09-01 22:37 . 2009-09-01 22:37 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-05-23 11:58 . 2008-05-23 11:58 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-09-01 22:31 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2009-09-01 22:31 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2009-09-01 22:31 . 2008-07-06 16:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2009-09-01 22:31 . 2008-07-06 16:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2009-09-01 22:30 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2007-05-15 14:43 . 2007-05-15 14:43 1320800 c:\windows\system32\msxml6.dll
+ 2005-02-11 12:52 . 2009-09-02 07:27 1489768 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-29 22:40 . 2008-07-29 22:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 17:47 . 2008-07-29 17:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-29 22:40 . 2008-07-29 22:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-05 18:35 . 2008-12-05 18:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-29 20:10 . 2008-07-29 20:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-29 20:10 . 2008-07-29 20:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-05 19:12 . 2008-12-05 19:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-10-24 00:47 . 2007-10-24 00:47 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 03:59 . 2008-11-25 03:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 5813576 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2008-12-13 08:57 . 2008-12-13 08:57 8397824 c:\windows\Installer\1749ad.msp
+ 2008-07-29 18:26 . 2008-07-29 18:26 1043456 c:\windows\Installer\160a3d.msp
+ 2008-07-29 19:37 . 2008-07-29 19:37 2679808 c:\windows\Installer\160a3b.msp
+ 2008-07-29 20:15 . 2008-07-29 20:15 3697664 c:\windows\Installer\160a39.msp
+ 2008-07-29 18:34 . 2008-07-29 18:34 1448448 c:\windows\Installer\160a38.msp
+ 2008-07-29 19:22 . 2008-07-29 19:22 4137984 c:\windows\Installer\160a37.msp
+ 2008-07-29 18:18 . 2008-07-29 18:18 3376640 c:\windows\Installer\160a36.msp
+ 2008-07-29 16:45 . 2008-07-29 16:45 2543616 c:\windows\Installer\11e908.msp
+ 2008-07-29 16:29 . 2008-07-29 16:29 2926080 c:\windows\Installer\11e907.msp
+ 2008-07-29 16:41 . 2008-07-29 16:41 6487040 c:\windows\Installer\11e906.msp
+ 2008-07-29 16:39 . 2008-07-29 16:39 3403264 c:\windows\Installer\11e905.msp
+ 2008-07-29 16:43 . 2008-07-29 16:43 1013248 c:\windows\Installer\11e903.msp
+ 2008-07-29 16:31 . 2008-07-29 16:31 6083072 c:\windows\Installer\11e900.msp
+ 2009-09-02 07:29 . 2009-09-02 07:29 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2009-09-02 07:33 . 2009-09-02 07:33 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2009-09-02 07:29 . 2009-09-02 07:29 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2009-09-02 07:33 . 2009-09-02 07:33 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2009-09-02 07:42 . 2009-09-02 07:42 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-09-02 07:42 . 2009-09-02 07:42 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-09-02 07:42 . 2009-09-02 07:42 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-09-02 07:32 . 2009-09-02 07:32 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-09-02 07:37 . 2009-09-02 07:37 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-09-02 07:32 . 2009-09-02 07:32 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2009-09-02 07:36 . 2009-09-02 07:36 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-09-02 07:32 . 2009-09-02 07:32 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2009-09-02 07:32 . 2009-09-02 07:32 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-09-02 07:32 . 2009-09-02 07:32 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-09-02 07:31 . 2009-09-02 07:31 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2009-09-02 07:31 . 2009-09-02 07:31 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2009-09-02 07:31 . 2009-09-02 07:31 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2009-09-02 07:29 . 2009-09-02 07:29 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-09-02 07:37 . 2009-09-02 07:37 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-09-02 07:40 . 2009-09-02 07:40 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-09-02 07:38 . 2009-09-02 07:38 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-09-01 22:37 . 2009-09-01 22:37 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-09-01 22:36 . 2009-09-01 22:36 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-09-01 22:32 . 2009-09-01 22:32 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-09-01 22:36 . 2009-09-01 22:36 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-09-01 22:31 . 2009-09-01 22:31 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-09-01 22:35 . 2009-09-01 22:35 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-12-13 09:21 . 2008-12-13 09:21 10473472 c:\windows\Installer\1749b7.msp
+ 2009-09-02 07:33 . 2009-09-02 07:33 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2009-09-02 07:41 . 2009-09-02 07:41 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2009-09-02 07:37 . 2009-09-02 07:37 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2009-09-02 07:32 . 2009-09-02 07:32 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2009-09-02 07:31 . 2009-09-02 07:31 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2009-09-02 07:30 . 2009-09-02 07:30 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2009-09-01 22:36 . 2009-09-01 22:36 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 154112]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-08 520024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpeedTouch 121g Wireless USB Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpeedTouch 121g Wireless USB Monitor.lnk
backup=c:\windows\pss\SpeedTouch 121g Wireless USB Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"AOL ACS"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [08/07/2009 14:59 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/07/2009 10:41 108289]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [15/05/2007 20:05 41600]
R3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [25/07/2006 00:51 357568]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [15/05/2007 20:05 55552]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1029456]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [11/02/2005 19:45 152576]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:22]

2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]

2009-09-18 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-06-25 18:08]

2009-06-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-06-25 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\e7akn3az.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\e7akn3az.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\e7akn3az.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 11:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2492)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dlcgcoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-18 11:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-18 10:06
ComboFix2.txt 2009-09-01 22:14
ComboFix3.txt 2008-10-14 13:01
ComboFix4.txt 2008-03-24 20:32

Pre-Run: 8,988,479,488 bytes free
Post-Run: 9,088,069,632 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
912 --- E O F --- 2009-09-01 22:37


































Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2009-09-18 11:12:48
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (11%) free of 78 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:49, on 18/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\admin\Desktop\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208780626295
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208780611342
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 8101 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2007-01-25 154112]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-08 520024]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"dlcgmon.exe"=C:\Program Files\Dell AIO 810\dlcgmon.exe [2005-10-21 425984]
"DLCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16 []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-12-22 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE [2003-09-04 135214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-04-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2004-07-13 4112384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2004-07-13 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE [2004-07-02 295001]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-08-29 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
C:\PROGRA~1\AOL9~1.0A\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpeedTouch 121g Wireless USB Monitor.lnk]
C:\PROGRA~1\THOMSO~1\SPEEDT~1\st121g.exe [2004-09-23 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2
"AOL ACS"=2
"AntiVirScheduler"=2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======List of files/folders created in the last 1 months======

2009-09-18 11:06:44 ----D---- C:\WINDOWS\temp
2009-09-18 11:06:42 ----A---- C:\ComboFix.txt
2009-09-18 10:46:09 ----D---- C:\rsit
2009-09-18 10:42:11 ----A---- C:\CFScript.txt
2009-09-17 21:02:19 ----A---- C:\DDS.txt
2009-09-02 11:30:32 ----A---- C:\RootRepeal report 09-02-09 (11-30-32).txt
2009-09-01 23:31:47 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-01 23:31:41 ----D---- C:\Program Files\MSBuild
2009-09-01 23:31:30 ----D---- C:\Program Files\Reference Assemblies
2009-09-01 23:30:52 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-09-01 23:30:52 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-09-01 23:30:51 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-09-01 23:30:51 ----D---- C:\0cfe553a257d0a6087923642eb
2009-09-01 23:30:33 ----D---- C:\WINDOWS\SxsCaPendDel
2009-09-01 23:27:04 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-09-01 23:26:58 ----D---- C:\Program Files\MSXML 6.0
2009-09-01 23:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-01 22:57:35 ----A---- C:\Boot.bak
2009-09-01 22:57:29 ----RASHD---- C:\cmdcons
2009-09-01 22:54:25 ----A---- C:\WINDOWS\PEV.exe
2009-09-01 22:54:25 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-01 22:18:34 ----D---- C:\Documents and Settings\admin\Application Data\WinRAR
2009-09-01 22:05:02 ----D---- C:\WINDOWS\ERUNT
2009-09-01 21:59:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-19 13:11:56 ----D---- C:\Program Files\iPod
2009-08-19 13:11:44 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-19 13:11:43 ----D---- C:\Program Files\iTunes
2009-08-19 13:08:18 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2009-09-18 11:11:27 ----D---- C:\WINDOWS\Prefetch
2009-09-18 11:07:20 ----D---- C:\Program Files\Mozilla Firefox
2009-09-18 11:06:44 ----D---- C:\WINDOWS\system32\drivers
2009-09-18 11:06:44 ----D---- C:\WINDOWS\system32
2009-09-18 11:06:44 ----D---- C:\WINDOWS
2009-09-18 11:06:44 ----D---- C:\QooBox
2009-09-18 11:04:36 ----D---- C:\WINDOWS\erdnt
2009-09-18 11:00:47 ----N---- C:\WINDOWS\system.ini
2009-09-18 11:00:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-18 10:58:16 ----D---- C:\WINDOWS\system32\config
2009-09-18 10:55:05 ----D---- C:\WINDOWS\AppPatch
2009-09-18 10:54:57 ----D---- C:\Program Files\Common Files
2009-09-18 10:48:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-18 10:34:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-15 20:54:41 ----D---- C:\Documents and Settings\admin\Application Data\Skype
2009-09-12 19:27:41 ----D---- C:\Documents and Settings\admin\Application Data\BitTorrent
2009-09-12 12:20:12 ----D---- C:\Program Files\PowerArchiver
2009-09-12 10:30:57 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-12 09:51:22 ----HD---- C:\WINDOWS\inf
2009-09-06 05:50:37 ----D---- C:\Program Files\Dl_cats
2009-09-02 11:18:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-02 08:42:17 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-02 08:42:15 ----RSD---- C:\WINDOWS\assembly
2009-09-02 08:26:42 ----D---- C:\Config.Msi
2009-09-01 23:37:27 ----SHD---- C:\WINDOWS\Installer
2009-09-01 23:36:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-01 23:35:43 ----D---- C:\WINDOWS\WinSxS
2009-09-01 23:31:41 ----RD---- C:\Program Files
2009-09-01 23:31:39 ----D---- C:\WINDOWS\system32\en-US
2009-09-01 23:31:36 ----RSD---- C:\WINDOWS\Fonts
2009-09-01 23:31:12 ----D---- C:\WINDOWS\system32\spool
2009-09-01 23:28:27 ----D---- C:\Program Files\Internet Explorer
2009-09-01 23:25:31 ----A---- C:\WINDOWS\imsins.BAK
2009-09-01 23:05:02 ----D---- C:\WINDOWS\system
2009-09-01 22:57:35 ----RASH---- C:\boot.ini
2009-09-01 21:59:58 ----D---- C:\Documents and Settings
2009-09-01 21:15:40 ----D---- C:\Documents and Settings\admin\Application Data\Adobe
2009-08-26 12:39:40 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-19 13:12:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-19 13:11:54 ----D---- C:\Program Files\Common Files\Apple
2009-08-19 13:09:50 ----D---- C:\Program Files\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2006-07-25 15781]
R2 Nbf;NetBEUI Protocol; C:\WINDOWS\System32\DRIVERS\nbf.sys [2001-08-23 98176]
R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-10-29 135228]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-10-29 13358]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller; C:\WINDOWS\System32\Drivers\ousbehci.sys [2006-01-07 41600]
R3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\BT4501G.sys [2005-11-16 357568]
R3 catchme;catchme; \??\C:\capurnicus\catchme.sys []
R3 DELTA;Service for Delta Driver (WDM); C:\WINDOWS\system32\drivers\delta.sys [2007-01-25 302336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-07-13 2459968]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support; C:\WINDOWS\System32\DRIVERS\ousb2hub.sys [2006-01-07 55552]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\System32\DRIVERS\BLKWGU.sys []
S3 BRIDGE;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2005-02-15 6300]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-02-15 9021]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-02-17 140619]
S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]
S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2003-09-04 152576]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbcm;USB Cable Modem 351000 NDIS Driver; C:\WINDOWS\System32\DRIVERS\usbcm.sys [2002-04-11 13335]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
R3 dlcg_device;dlcg_device; C:\WINDOWS\system32\dlcgcoms.exe [2005-10-28 491520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-12 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-08 1029456]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-09-29 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-07-13 114755]

-----------------EOF-----------------

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:13 PM

Posted 18 September 2009 - 07:23 AM

Hi capurnicus,




Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar



Step1
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\drivers\svchost.exe"=-

FireFox::
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step2


Older versions Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) the following Java Runtime Environment (JRE or J2SE) in the name, and the following update:

    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.


Step3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When Java warning " The applcation digital signature has been verified. Do you want to run the application " appears, Click on "Run" button.
  • It will be Downloading and installing the program and Updating the database.
  • When Updating the database have finished, click on Settings.
  • Make sure all boxes are checked. then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



Please post back the logs in your next reply.


1.ComboFix log
2.Kas Scan Report

Tell me how your pc is running now.

#7 capurnicus

capurnicus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 18 September 2009 - 12:19 PM

Right..

Here's the New Combofix Log


ComboFix 09-09-17.04 - admin 18/09/2009 14:07.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.662 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\capurnicus.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-18 09:46 . 2009-09-18 09:46 -------- d-----w- C:\rsit
2009-09-08 13:32 . 2009-09-08 13:30 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-09-08 13:32 . 2008-08-07 14:27 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-09-01 22:31 . 2009-09-01 22:31 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-01 22:31 . 2009-09-01 22:31 -------- d-----w- c:\program files\MSBuild
2009-09-01 22:31 . 2009-09-01 22:31 -------- d-----w- c:\program files\Reference Assemblies
2009-09-01 22:30 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-01 22:30 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-01 22:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-01 22:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-01 22:30 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-01 22:30 . 2009-09-01 22:31 -------- d-----w- C:\0cfe553a257d0a6087923642eb
2009-09-01 22:30 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-01 22:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-01 22:30 . 2009-09-02 07:26 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-01 22:26 . 2009-09-01 22:26 -------- d-----w- c:\program files\MSXML 6.0
2009-09-01 21:05 . 2009-09-01 21:05 -------- d-----w- c:\windows\ERUNT
2009-09-01 21:00 . 2009-09-01 21:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-01 21:00 . 2009-09-01 21:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 12:52 . 2006-07-12 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-15 19:54 . 2007-09-17 14:38 -------- d-----w- c:\documents and settings\admin\Application Data\Skype
2009-09-12 18:27 . 2007-09-03 06:20 -------- d-----w- c:\documents and settings\admin\Application Data\BitTorrent
2009-09-12 11:20 . 2006-08-25 20:44 -------- d-----w- c:\program files\PowerArchiver
2009-09-06 04:50 . 2009-08-07 17:03 -------- d-----w- c:\program files\Dl_cats
2009-09-02 07:28 . 2007-04-25 13:37 46520 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 11:39 . 2008-05-20 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-19 12:12 . 2009-08-19 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-19 12:12 . 2009-08-19 12:11 -------- d-----w- c:\program files\iTunes
2009-08-19 12:11 . 2009-08-19 12:11 -------- d-----w- c:\program files\iPod
2009-08-19 12:11 . 2008-05-20 17:54 -------- d-----w- c:\program files\Common Files\Apple
2009-08-19 12:09 . 2008-05-20 18:01 -------- d-----w- c:\program files\Bonjour
2009-08-19 12:09 . 2009-08-19 12:08 -------- d-----w- c:\program files\QuickTime
2009-08-12 04:36 . 2009-08-12 04:36 203264 ----a-w- c:\windows\system32\Go your own way.scr
2009-08-11 19:15 . 2007-07-08 17:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-08 13:25 . 2009-08-07 17:01 -------- d-----w- c:\program files\Dell AIO 810
2009-08-05 20:31 . 2009-07-08 14:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:11 . 2005-02-11 13:33 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 09:08 . 2004-09-22 18:46 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 11:16 . 2009-03-16 18:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 11:16 . 2008-05-20 17:55 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-08 14:23 . 2009-07-08 15:59 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-08 14:22 . 2009-07-08 13:59 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 17:09 . 2004-01-08 15:23 915456 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-06-29 16:12 78336 ------w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2001-08-23 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2001-08-23 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2001-08-23 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2001-08-23 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2001-08-23 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2001-08-23 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2001-08-23 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2001-08-23 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2001-08-23 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2001-08-23 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2001-08-23 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2001-08-23 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2001-08-23 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2001-08-23 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2001-08-23 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2001-08-23 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2001-08-23 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2001-08-23 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2001-08-23 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2001-08-23 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2001-08-23 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2001-08-23 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2005-06-27 11:37 . 2005-03-22 13:23 21 ----a-w- c:\program files\AVPersonalAVWIN.INI
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 154112]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-08 520024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpeedTouch 121g Wireless USB Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpeedTouch 121g Wireless USB Monitor.lnk
backup=c:\windows\pss\SpeedTouch 121g Wireless USB Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"AOL ACS"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [08/07/2009 14:59 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/07/2009 10:41 108289]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [15/05/2007 20:05 41600]
R3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [25/07/2006 00:51 357568]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [15/05/2007 20:05 55552]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1029456]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [11/02/2005 19:45 152576]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:22]

2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]

2009-09-18 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-06-25 18:08]

2009-06-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-06-25 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\e7akn3az.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\e7akn3az.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\e7akn3az.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 14:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-09-18 14:16
ComboFix-quarantined-files.txt 2009-09-18 13:15
ComboFix2.txt 2009-09-18 10:06
ComboFix3.txt 2009-09-01 22:14
ComboFix4.txt 2008-10-14 13:01
ComboFix5.txt 2009-09-18 12:56

Pre-Run: 9,185,525,760 bytes free
Post-Run: 9,203,634,176 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
211 --- E O F --- 2009-09-01 22:37










Here's the Kapersky Scan log, lots picked up!






--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 18, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 18, 2009 15:37:57
Records in database: 2848522
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 130416
Threats found: 9
Infected objects found: 76
Suspicious objects found: 0
Scan duration: 02:56:26


File name / Threat / Threats count
C:\QooBox\Quarantine\C\Documents and Settings\admin\Start Menu\Programs\Startup\ikowin32.exe.vir Infected: Backdoor.Win32.Bredolab.ph 1
C:\QooBox\Quarantine\C\WINDOWS\cru629.dat.vir Infected: Backdoor.Win32.Small.ejx 1
C:\QooBox\Quarantine\C\WINDOWS\demsroC.dll.vir Infected: Trojan-Downloader.Win32.Mufanom.ddy 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cru629.dat.vir Infected: Backdoor.Win32.Small.ejx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir Infected: Backdoor.Win32.UltimateDefender.igv 1
C:\QooBox\Quarantine\[4]-Submit_2009-09-18_10.50.08.zip Infected: Trojan-Dropper.Win32.Agent.bbup 2
C:\QooBox\Quarantine\[4]-Submit_2009-09-18_10.50.08.zip Infected: Trojan.Win32.Vilsel.cok 2
C:\QooBox\Quarantine\[4]-Submit_2009-09-18_10.50.08.zip Infected: Trojan-Spy.Win32.Zbot.aakt 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0210682.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0210683.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0210705.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0210706.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211716.exe Infected: Trojan-Dropper.Win32.Agent.bbup 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211720.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211721.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211727.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211728.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211770.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211771.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211786.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211787.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211896.exe Infected: Backdoor.Win32.Bredolab.ph 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211928.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP927\A0211929.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP928\A0211991.sys Infected: Backdoor.Win32.UltimateDefender.igv 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP928\A0212325.exe Infected: Trojan-Downloader.Win32.FraudLoad.fko 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212332.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212333.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212340.sys Infected: Backdoor.Win32.UltimateDefender.igv 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212342.sys Infected: Backdoor.Win32.UltimateDefender.igv 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212353.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212354.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212359.exe Infected: Trojan-Downloader.Win32.FraudLoad.fko 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212383.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212384.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212390.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212391.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212400.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP929\A0212401.sys Infected: Virus.Win32.Protector.c 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP932\A0212502.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP932\A0212504.sys Infected: Backdoor.Win32.UltimateDefender.igv 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP932\A0212531.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP932\A0212532.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP932\A0212542.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP932\A0212543.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP933\A0212553.sys Infected: Backdoor.Win32.UltimateDefender.igv 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP933\A0212571.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP933\A0212572.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP933\A0212581.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP933\A0212582.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP934\A0212649.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP934\A0212650.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP935\A0212677.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP935\A0212678.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP935\A0212687.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP935\A0212688.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP936\A0212715.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP936\A0212716.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP936\A0212747.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP936\A0212748.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP937\A0212777.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP937\A0212778.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP937\A0212787.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP937\A0212788.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP937\A0212816.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP937\A0212817.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP937\A0212848.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP937\A0212849.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP938\A0212857.sys Infected: Backdoor.Win32.UltimateDefender.igv 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP938\A0212900.exe Infected: Trojan-Dropper.Win32.Agent.bbup 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP938\A0212902.exe Infected: Trojan.Win32.Vilsel.cok 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP938\A0212903.exe Infected: Trojan-Dropper.Win32.Agent.bbup 1
C:\System Volume Information\_restore{2670089F-068C-4A48-A60D-EE0B0D0CD37E}\RP938\A0212905.sys Infected: Backdoor.Win32.UltimateDefender.igv 1
C:\WINDOWS\system32\dllcache\beep.sys Infected: Backdoor.Win32.UltimateDefender.igv 1

Selected area has been scanned.






My computer is now running fine thanks to yourself! :( No more Antivir warnings, taskbar icon and warnings have dissapeared, and Firewall is now running!

Thankyou very much for your kind help and assistance so far :(

Rob

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:13 PM

Posted 18 September 2009 - 01:51 PM

Hi capurnicus,



As far as those infected objects listed in the Kaspersky report, the QooBox belongs to ComboFix quarantine folder which can be safely removed by uninstalling Combofix later.
As to the old System Restore Points, Whatever is in there can't harm you unless you choose to perform a manual restore and we can flush system Restore Points by uninstalling Combofix too.

We need to run ComboFix one more time to replace one infected file. Please be patient and do the following:


Step1
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Folder::
c:\documents and settings\All Users\Application Data\Viewpoint

File::
c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FCopy::
C:\windows\system32\drivers\beep.sys | C:\WINDOWS\system32\dllcache\beep.sys
 
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next reply, please post back:

1.Combofix log

Edited by sundavis, 18 September 2009 - 11:24 PM.


#9 capurnicus

capurnicus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 19 September 2009 - 04:36 AM

Hi,

I'm away from my computer untill tomorrow night, I will reply as soon as possible tomorrow.


Thanks for your continued support!


Rob

#10 capurnicus

capurnicus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 21 September 2009 - 02:54 PM

Hi sundavis,

Here's the lastest Combofix log, computer is still working fine :(






ComboFix 09-09-17.04 - admin 21/09/2009 20:35.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.647 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\capurnicus.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\program files\Mozilla Firefox\plugins\npViewpoint.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

.
--------------- FCopy ---------------

c:\windows\system32\drivers\beep.sys --> c:\windows\system32\dllcache\beep.sys
.
((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-18 13:42 . 2009-09-18 13:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-18 09:46 . 2009-09-18 09:46 -------- d-----w- C:\rsit
2009-09-08 13:32 . 2008-08-07 14:27 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-09-08 13:32 . 2008-08-07 14:27 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-09-01 22:31 . 2009-09-01 22:31 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-01 22:31 . 2009-09-01 22:31 -------- d-----w- c:\program files\MSBuild
2009-09-01 22:31 . 2009-09-01 22:31 -------- d-----w- c:\program files\Reference Assemblies
2009-09-01 22:30 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-01 22:30 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-01 22:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-01 22:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-01 22:30 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-01 22:30 . 2009-09-01 22:31 -------- d-----w- C:\0cfe553a257d0a6087923642eb
2009-09-01 22:30 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-01 22:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-01 22:30 . 2009-09-02 07:26 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-01 22:26 . 2009-09-01 22:26 -------- d-----w- c:\program files\MSXML 6.0
2009-09-01 21:05 . 2009-09-01 21:05 -------- d-----w- c:\windows\ERUNT
2009-09-01 21:00 . 2009-09-01 21:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-01 21:00 . 2009-09-01 21:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 15:40 . 2006-08-25 20:44 -------- d-----w- c:\program files\PowerArchiver
2009-09-18 13:42 . 2005-02-13 17:01 -------- d-----w- c:\program files\Java
2009-09-15 19:54 . 2007-09-17 14:38 -------- d-----w- c:\documents and settings\admin\Application Data\Skype
2009-09-12 18:27 . 2007-09-03 06:20 -------- d-----w- c:\documents and settings\admin\Application Data\BitTorrent
2009-09-06 04:50 . 2009-08-07 17:03 -------- d-----w- c:\program files\Dl_cats
2009-09-02 07:28 . 2007-04-25 13:37 46520 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 11:39 . 2008-05-20 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-19 12:12 . 2009-08-19 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-19 12:12 . 2009-08-19 12:11 -------- d-----w- c:\program files\iTunes
2009-08-19 12:11 . 2009-08-19 12:11 -------- d-----w- c:\program files\iPod
2009-08-19 12:11 . 2008-05-20 17:54 -------- d-----w- c:\program files\Common Files\Apple
2009-08-19 12:09 . 2008-05-20 18:01 -------- d-----w- c:\program files\Bonjour
2009-08-19 12:09 . 2009-08-19 12:08 -------- d-----w- c:\program files\QuickTime
2009-08-12 04:36 . 2009-08-12 04:36 203264 ----a-w- c:\windows\system32\Go your own way.scr
2009-08-11 19:15 . 2007-07-08 17:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-08 13:25 . 2009-08-07 17:01 -------- d-----w- c:\program files\Dell AIO 810
2009-08-05 20:31 . 2009-07-08 14:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:11 . 2005-02-11 13:33 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 09:08 . 2004-09-22 18:46 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 11:16 . 2009-03-16 18:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 11:16 . 2008-05-20 17:55 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-08 14:23 . 2009-07-08 15:59 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-08 14:22 . 2009-07-08 13:59 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 17:09 . 2004-01-08 15:23 915456 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-06-29 16:12 78336 ------w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2001-08-23 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2001-08-23 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2001-08-23 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2001-08-23 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2001-08-23 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2001-08-23 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2001-08-23 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2001-08-23 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2001-08-23 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2001-08-23 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2001-08-23 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2001-08-23 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2001-08-23 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2001-08-23 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2001-08-23 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2001-08-23 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2001-08-23 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2001-08-23 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2005-06-27 11:37 . 2005-03-22 13:23 21 ----a-w- c:\program files\AVPersonalAVWIN.INI
.

((((((((((((((((((((((((((((( SnapShot_2009-09-18_10.00.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-18 13:42 . 2009-09-18 13:42 149280 c:\windows\system32\javaws.exe
+ 2009-09-18 13:42 . 2009-09-18 13:42 145184 c:\windows\system32\javaw.exe
+ 2009-09-18 13:42 . 2009-09-18 13:42 145184 c:\windows\system32\java.exe
+ 2009-09-18 13:42 . 2009-09-18 13:42 1757696 c:\windows\Installer\3f82f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 154112]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-08 520024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-18 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpeedTouch 121g Wireless USB Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpeedTouch 121g Wireless USB Monitor.lnk
backup=c:\windows\pss\SpeedTouch 121g Wireless USB Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"AOL ACS"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [08/07/2009 14:59 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/07/2009 10:41 108289]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [15/05/2007 20:05 41600]
R3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [25/07/2006 00:51 357568]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [15/05/2007 20:05 55552]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1029456]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [11/02/2005 19:45 152576]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:22]

2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]

2009-09-21 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-06-25 18:08]

2009-06-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-06-25 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\e7akn3az.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\e7akn3az.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\e7akn3az.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 20:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,93,fd
.
Completion time: 2009-09-21 20:47
ComboFix-quarantined-files.txt 2009-09-21 19:47
ComboFix2.txt 2009-09-18 13:16
ComboFix3.txt 2009-09-18 10:06
ComboFix4.txt 2009-09-01 22:14
ComboFix5.txt 2009-09-21 19:33

Pre-Run: 8,900,550,656 bytes free
Post-Run: 8,976,994,304 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
207 --- E O F --- 2009-09-01 22:37

#11 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:13 PM

Posted 21 September 2009 - 04:10 PM

Hi capurnicus,


computer is still working fine.

That sounds good. :(

The infected file was replaced as expected. Your logs appear to be clean now. :( If you have no remaining concerns on your pc, let's do some tidy up and we can send you on your way.

Step1

Please rename capurnicus.exe back to ComboFix.exe from your desktop.

Click START then RUN
Now copy/paste Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

Posted Image

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Step2

Download OTC by OldTimer and save it to your desktop.
  • Double click OTC and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Update your Your Adobe Acrobat Reader

    Old versions may render vulnerabilities that malware can use to infect your system. Please download Adobe Reader 9 to your desktop.
    Uninstall the old Adobe Reader from Start > Control Panel > Add/Remove Programs. Install the new one.

  • Update all these programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:13 PM

Posted 21 September 2009 - 04:17 PM

Server error

Edit to serve its purpose.

Edited by sundavis, 21 September 2009 - 04:19 PM.


#13 capurnicus

capurnicus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 22 September 2009 - 02:57 PM

All requested steps taken :)

Thankyou for your time and assistance, you won't believe how happy I am now everything's ok.

Thankyou again

Rob

:( :) :)

:(

#14 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:13 PM

Posted 25 September 2009 - 01:02 AM

Since this issue appears resolved ... this Topic is closed.

Glad we could help.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users