Rootkit(?) - Can't run spyware-removal programs,


  • This topic is locked
19 replies to this topic

#1 wonderfull

Posted 07 October 2009 - 11:16 PM

(thank you so much to rigel for getting me this far!)

Hi, my laptop is a Dell Inspiron E1505 and I am using Windows XP :(

Problems (in order of appearance):
- Cannot perform System Restore (haven't been able to in a long time)
- Search engine redirects
- Cannot run Safe Mode (this has happened before, but that was due to a missing file, which I re-installed, and this time it's a different error... "A problem has been detected and windows has been shut down to prevent damage to your computer")
- Pop-ups (search engines ex. StopSearchClick, virus protection)
- Can't run Spybot: Search and Destroy, Malwarebytes' Anti-Malware, or HijackThis
--> "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
- Both IE and Firefox are crashing frequently

Things I may have done to exacerbate problems while trying to fix them:
- deleting (newly created) files in system32, temp and system folders

I've done a decent job of getting rid of problems in the past, by running searches (and finding great sites/forums like this one) or figuring out what to do on my own (ex. I've been able to locate those ridiculous and merciless pseudo- "virus protection" programs and delete them on my own), but I probably got overzealous and now I have too many problems to be able to find one solution for all of them. Please help? I greatly appreciate any time or assistance (it's amazing what people do on forums like this one to help other people). Thank you and have a nice day!


2009-10-07,22:49:08

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<ModemOnHold><C:\Program Files\NetWaiting\netWaiting.exe>  []
	<DellSupport><"C:\Program Files\DellSupport\DSAgnt.exe" /startup>  [(Verified)Dell Inc.]
	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
	<Aim6><"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp>  [(Verified)AOL LLC]
	<Windows System Recover!><C:\DOCUME~1\kitty kat\Local Settings\Temp\svchost.exe>  [File is missing]
	<WIndows Rescue Disk><C:\DOCUME~1\kitty kat\Local Settings\Temp\smss.exe>  []
	<Yjafosi8kdf98winmdkmnkmfnwe><C:\DOCUME~1\kitty kat\Local Settings\Temp\user.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<IntelZeroConfig><"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe">  [Intel Corporation]
	<IntelWireless><"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless>  [Intel Corporation]
	<SigmatelSysTrayApp><stsystra.exe>  [SigmaTel, Inc.]
	<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<PCMService><"C:\Program Files\Dell\Media Experience\PCMService.exe">  [CyberLink Corp.]
	<DVDLauncher><"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe">  [CyberLink Corp.]
	<ISUSPM Startup><"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup>  [InstallShield Software Corporation]
	<ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
	<ECenter><"c:\dell\E-Center\gtb.exe">  []
	<dla><C:\WINDOWS\system32\dla\tfswctrl.exe>  [Sonic Solutions]
	<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
	<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
	<calc><rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0>  [Microsoft]
	<lsdefrag><C:\wqtneupy.exe>  []
	<1183127142><C:\WINDOWS\system32\config\systemprofile\Application Data\1183127142\1183127142.exe>  [File is missing]
	<5918839756><C:\Documents and Settings\SUSHI\Application Data\5918839756\5918839756.exe>  []
	<17089631><C:\Documents and Settings\All Users\Application Data\17089631\17089631.exe>  []
	<07917327><C:\Documents and Settings\All Users\Application Data\07917327\07917327.exe>  []
	<lavobujil><Rundll32.exe "c:\windows\system32\sigevewo.dll",a>  []
	<19592430><C:\Documents and Settings\All Users\Application Data\19592430\19592430.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><jepafuzi.dll c:\windows\system32\litijaro.dll c:\windows\system32\sigevewo.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
	<SysTray><%systemroot%\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
	<bavifefud><c:\windows\system32\sigevewo.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
	<WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<ThreadingModel><Apartment>  [N/A]
	<{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}><>  [N/A]
	<{A249BC15-23F2-42AD-F4E4-00AAC39C0004}><>  [N/A]
	<{083fc2f2-c571-4358-bb42-3f8d25b219e2}><c:\windows\system32\sigevewo.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
	<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]

==================================
Startup Folders
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Digital Line Detect]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk --> C:\PROGRA~1\DIGITA~1\DLG.exe [BVRP Software]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [Microsoft Corporation]><N>
[is-JTIN9]
  <C:\Documents and Settings\kitty kat\Start Menu\Programs\Startup\is-JTIN9.lnk --> C:\DOCUME~1\kitty kat\Desktop\VIRUSR~1\is-JTIN9\startup.exe [N/A]><N>
[scandisk]
  <C:\Documents and Settings\kitty kat\Start Menu\Programs\Startup\scandisk.dll -->  [File is missing]><H>
[scandisk]
  <C:\Documents and Settings\kitty kat\Start Menu\Programs\Startup\scandisk.lnk --> C:\WINDOWS\system32\rundll32.exe [Microsoft Corporation]><H>

==================================
Services
[Network Security / 6to4][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\6to4v32.dll><N/A>
[AntiPol / AntiPol][Stopped/Auto Start]
  <C:\WINDOWS\svchast.exe><(File is missing)>
[AntipyProex / AntipPro2009_100][Stopped/Auto Start]
  <C:\WINDOWS\svchast.exe><(File is missing)>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Bonjour Service / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[DSBrokerService / DSBrokerService][Stopped/Manual Start]
  <"C:\Program Files\DellSupport\brkrsvc.exe"><>
[Intel(R) PROSet/Wireless Event Log / EvtEng][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[fastnetsrv  Service / fastnetsrv][Running/Auto Start]
  <C:\WINDOWS\system32\FastNetSrv.exe><Sigma Designs In>
[NICCONFIGSVC / NICCONFIGSVC][Running/Auto Start]
  <C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe><Dell Inc.>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Intel(R) PROSet/Wireless Service / S24EventMonitor][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[Viewpoint Manager Service / Viewpoint Manager Service][Running/Auto Start]
  <"C:\Program Files\Viewpoint\Common\ViewpointService.exe"><Viewpoint Corporation>
[Intel(R) PROSet/Wireless SSO Service / WLANKEEPER][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel(R) Corporation>
[BtwSrv / BtwSrv][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\BtwSrv.dll><X-Ways Software Technology>

==================================
Drivers
[AEGIS Protocol (IEEE 802.1x) v3.4.9.0 / AegisP][Running/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[APPDRV / APPDRV][Running/System Start]
  <\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS><Dell Inc>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[drvmcdb / drvmcdb][Running/Boot Start]
  <\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
  <system32\drivers\drvnddm.sys><Sonic Solutions>
[DSproct / DSproct][Stopped/Manual Start]
  <\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys><Gteko Ltd.>
[DellSupport UniDriver / dsunidrv][Running/Auto Start]
  <system32\DRIVERS\dsunidrv.sys><Gteko Ltd.>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[is-JTIN9drv / is-JTIN9drv][Stopped/System Start]
  <system32\DRIVERS\32651639.sys><N/A>
[isasdk / isasdk][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\isasdk.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[mfnvbo / mfnvbo][Stopped/Auto Start]
  <system32\drivers\hasrpba.sys><N/A>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[Motorola SURFboard USB Cable Modem Windows Driver / ndiscm][Stopped/Manual Start]
  <system32\DRIVERS\NetMotCM.sys><Motorola Inc.>
[NOWMEMDF / NOWMEMDF][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\NOWMEMDF.sys><(c)NOWCOM>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[OMCI WDM Device Driver / omci][Running/System Start]
  <system32\DRIVERS\omci.sys><Dell Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[rimmptsk / rimmptsk][Running/Manual Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
  <system32\DRIVERS\rixdptsk.sys><REDC>
[WLAN Transport / s24trans][Running/Auto Start]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sscdbhk5 / sscdbhk5][Running/System Start]
  <system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln][Running/System Start]
  <system32\drivers\ssrtln.sys><Sonic Solutions>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[Symantec Network Security Intermediate Filter Service / SymIM][Stopped/Manual Start]
  <system32\DRIVERS\SymIM.sys><N/A>
[SymIMMP / SymIMMP][Stopped/Manual Start]
  <system32\DRIVERS\SymIM.sys><N/A>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tfsnboio / tfsnboio][Running/Auto Start]
  <system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
  <system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
  <system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
  <system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
  <system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
  <system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
  <system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
  <system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
  <system32\dla\tfsnudfa.sys><Sonic Solutions>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start]
  <system32\DRIVERS\w39n51.sys><Intel® Corporation>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
  <system32\DRIVERS\wanatw4.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[productexpress]
  {02581f1b-cb40-fa2c-da15-d278d1fde428} <C:\WINDOWS\system32\6cb62280.dll, >
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, (Signed) Safer Networking Limited>
[]
  {A249BC15-23F2-42AD-F4E4-00AAC39C0004} <, >
[Java Plug-in 1.6.0_07]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
[AIM Toolbar]
  {0b83c99c-1efa-4259-858f-bcb33e007a5b} <C:\Program Files\AIM Toolbar\aimtb.dll, (Signed) AOL LLC.>
[Real.com]
  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, (Signed) Microsoft Corporation>
[MUSICMATCH MX Web Player]
  {d81ca86b-ef63-42af-bee3-4502d9a03c2d} <, >
[Spybot-S&D IE Protection]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, (Signed) Safer Networking Limited>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[AIM Toolbar]
  {61539ecd-cc67-4437-a03c-9aaccbd14326} <C:\Program Files\AIM Toolbar\aimtb.dll, (Signed) AOL LLC.>
[Java Plug-in 1.6.0_07]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
[Java Plug-in 1.4.2_03]
  {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[productexpress]
  {02581F1B-CB40-FA2C-DA15-D278D1FDE428} <C:\WINDOWS\system32\6cb62280.dll, >
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {0B83C99C-1EFA-4259-858F-BCB33E007A5B} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[QuickTime Object]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[]
  {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, (Signed) Safer Networking Limited>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[AIM Toolbar]
  {61539ECD-CC67-4437-A03C-9AACCBD14326} <C:\Program Files\AIM Toolbar\aimtb.dll, (Signed) AOL LLC.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
  {76DC0B63-1533-4BA9-8BE8-D59EB676FA02} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {A249BC15-23F2-42AD-F4E4-00AAC39C0004} <, >
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[AIM Toolbar Loader]
  {B0CDA128-B425-4EEF-A174-61A11AC5DBF8} <C:\Program Files\AIM Toolbar\aimtb.dll, (Signed) AOL LLC.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
  {BA52B914-B692-46C4-B683-905236F6F655} <, >
[]
  {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} <, >
[]
  {CA6319C0-31B7-401E-A518-A07C3DB8F777} <, >
[Adobe Acrobat Control for ActiveX]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, (Signed) Adobe Systems Incorporated>
[]
  {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} <, >
[Msxml]
  {CFC399AF-D876-11D0-9C10-00C04FC99C8E} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&AIM Toolbar Search]
  <C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html, N/A>
[&Google Search]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[&Translate English Word]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>
[Backward Links]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[Cached Snapshot of Page]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000, N/A>
[Similar Pages]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[Translate Page into English]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html, N/A>

==================================
Running Processes
[PID: 844 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4446]
[PID: 964 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
[PID: 992 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyetuza.dll]  [N/A, ]
[PID: 1192 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1304 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1400 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\System32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\6to4v32.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1444 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
[PID: 1536 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe]  [Intel Corporation, 10, 1, 0, 1]
	[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 0, 2]
	[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 0, 5]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
[PID: 1576 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe]  [Intel Corporation , 10, 1, 0, 33]
	[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 0, 5]
	[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 0, 2]
	[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll]  [N/A, ]
	[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll]  [, 10, 1, 0, 3]
	[C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL]  [N/A, ]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
[PID: 1632 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe]  [Intel(R) Corporation, 10, 1, 0, 27]
	[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll]  [Intel Corporation, 10, 1, 0, 46]
	[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 0, 5]
	[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 0, 2]
	[C:\Program Files\Intel\Wireless\Bin\DbEngine.dll]  [Intel Corporation, 10, 1, 0, 13]
	[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll]  [N/A, ]
	[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll]  [, 10, 1, 0, 3]
	[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll]  [Intel Corporation, 10, 1, 0, 37]
	[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll]  [Intel Corporation, 10, 1, 0, 1]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
[PID: 1752 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
[PID: 1784 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
[PID: 2044 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 304 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.12.33.0]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
[PID: 388 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,5,11]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
[PID: 648 / SYSTEM][C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe]  [Dell Inc., 7, 0, 7, 0]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
[PID: 700 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe]  [Intel Corporation, 10, 1, 0, 1]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
[PID: 756 / SYSTEM][C:\WINDOWS\System32\snmp.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303)]
	[C:\WINDOWS\System32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 784 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
[PID: 1244 / SYSTEM][C:\Program Files\Viewpoint\Common\ViewpointService.exe]  [Viewpoint Corporation, 2, 0, 0, 54]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
[PID: 2192 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
[PID: 2548 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\System32\jepafuzi.dll]  [N/A, ]
[PID: 1616 / kitty kat][C:\WINDOWS\system32\drivers\smss.exe]  [PROMO Software, 9.6.1.5]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
[PID: 3040 / kitty kat][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4446]
	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4446]
	[C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4446]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 3048 / kitty kat][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4446]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4446]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 3060 / kitty kat][C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe]  [Intel Corporation, 10, 1, 0, 42]
	[C:\Program Files\Intel\Wireless\bin\PfMgrApi.dll]  [Intel Corporation, 10, 1, 0, 46]
	[C:\Program Files\Intel\Wireless\bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 0, 5]
	[C:\Program Files\Intel\Wireless\bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 0, 2]
	[C:\Program Files\Intel\Wireless\bin\DbEngine.dll]  [Intel Corporation, 10, 1, 0, 13]
	[C:\Program Files\Intel\Wireless\bin\LIBEAY32.dll]  [N/A, ]
	[C:\Program Files\Intel\Wireless\bin\IntStngs.dll]  [, 10, 1, 0, 3]
	[C:\Program Files\Intel\Wireless\bin\MurocApi.dll]  [Intel Corporation, 10, 1, 0, 37]
	[C:\Program Files\Intel\Wireless\bin\S24MUDLL.dll]  [Intel Corporation, 10, 1, 0, 1]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 3080 / kitty kat][C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe]  [Intel Corporation, 10, 1, 0, 17]
	[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 0, 2]
	[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll]  [N/A, ]
	[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll]  [, 10, 1, 0, 3]
	[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 0, 5]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
	[C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll]  [Intel Corporation, 10, 1, 1, 162]
	[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll]  [Intel Corporation, 10, 1, 0, 37]
	[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll]  [Intel Corporation, 10, 1, 0, 1]
	[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll]  [Intel Corporation, 10, 1, 0, 46]
	[C:\Program Files\Intel\Wireless\Bin\DbEngine.dll]  [Intel Corporation, 10, 1, 0, 13]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 3092 / kitty kat][C:\WINDOWS\stsystra.exe]  [SigmaTel, Inc., 1.0.4995.1  nd446 cp1]
	[C:\WINDOWS\system32\STLang.dll]  [SigmaTel, Inc., 1.1.4991.0  nd229 cp1]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
	[C:\WINDOWS\system32\stacapi.dll]  [SigmaTel, Inc., 1.0.4995.1  nd446 cp1]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 3108 / kitty kat][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 8.2.4.6 08Mar06]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.2.4.6 08Mar06]
	[C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 8.2.4.6 08Mar06]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 3176 / kitty kat][C:\WINDOWS\system32\igfxsrvc.exe]  [Intel Corporation, 3.0.0.4446]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4446]
	[C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4446]
[PID: 3400 / kitty kat][C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe]  [Intel Corporation, 10, 1, 0, 79]
	[C:\PROGRA~1\Intel\Wireless\Bin\acAuth.dll]  [, 4.0.15.0 2005-11-16 13:05:02]
	[C:\PROGRA~1\Intel\Wireless\Bin\C1XStngs.dll]  [Intel Corporation, 10, 1, 0, 31]
	[C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 0, 2]
	[C:\PROGRA~1\Intel\Wireless\Bin\IntStngs.dll]  [, 10, 1, 0, 3]
	[C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 0, 5]
	[C:\PROGRA~1\Intel\Wireless\Bin\IWMSPROV.DLL]  [N/A, ]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
	[C:\PROGRA~1\Intel\Wireless\Bin\LSAWRAPI.dll]  [Intel Corporation, 10, 1, 0, 1]
	[C:\PROGRA~1\Intel\Wireless\Bin\PfMgrApi.dll]  [Intel Corporation, 10, 1, 0, 46]
	[C:\PROGRA~1\Intel\Wireless\Bin\DbEngine.dll]  [Intel Corporation, 10, 1, 0, 13]
	[C:\PROGRA~1\Intel\Wireless\Bin\LIBEAY32.dll]  [N/A, ]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 1356 / kitty kat][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[\\?\globalroot\systemroot\system32\SKYNETtrvqnnfo.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4446]
	[C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4446]
	[C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4446]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4446]
	[C:\Program Files\Spybot - Search & Destroy\SDHelper.dll]  [Safer Networking Limited, 1, 6, 2, 14]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
	[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 2, 0, 0]
[PID: 5232 / kitty kat][C:\Program Files\Last.fm\LastFM.exe]  [Last.fm, 1.5.4.24567]
	[C:\Program Files\Last.fm\Moose1.dll]  [N/A, ]
	[C:\Program Files\Last.fm\LastFmTools1.dll]  [N/A, ]
	[C:\Program Files\Last.fm\QtSql4.dll]  [N/A, ]
	[C:\Program Files\Last.fm\QtCore4.dll]  [N/A, ]
	[C:\Program Files\Last.fm\Microsoft.VC80.CRT\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Last.fm\Microsoft.VC80.CRT\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Last.fm\QtXml4.dll]  [N/A, ]
	[C:\Program Files\Last.fm\QtGui4.dll]  [N/A, ]
	[C:\Program Files\Last.fm\QtNetwork4.dll]  [N/A, ]
	[C:\Program Files\Last.fm\breakpad.dll]  [N/A, ]
	[C:\Program Files\Last.fm\LastFmFingerprint1.dll]  [N/A, ]
	[C:\Program Files\Last.fm\libfftw3f-3.dll]  [N/A, ]
	[C:\Program Files\Last.fm\zlibwapi.dll]  [, 1.2.3.0]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[C:\Program Files\Last.fm\srv_httpinput.dll]  [N/A, ]
	[C:\Program Files\Last.fm\srv_madtranscode.dll]  [N/A, ]
	[C:\Program Files\Last.fm\srv_rtaudioplayback.dll]  [N/A, ]
	[C:\Program Files\Last.fm\imageformats\qgif4.dll]  [N/A, ]
	[C:\Program Files\Last.fm\imageformats\qjpeg4.dll]  [N/A, ]
	[C:\Program Files\Last.fm\imageformats\qmng4.dll]  [N/A, ]
	[C:\Program Files\Last.fm\ext_messengernotify.dll]  [N/A, ]
	[C:\Program Files\Last.fm\ext_skypenotify.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 6152 / kitty kat][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\furajubi.dll]  [N/A, ]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 6596 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\btwsrv.dll]  [X-Ways Software Technology, 5.2.2.3]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 6000 / SYSTEM][C:\WINDOWS\system32\FastNetSrv.exe]  [Sigma Designs In, 5. 3. 17]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 10232 / SYSTEM][C:\WINDOWS\system32\cmd.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\jayidigo.dll]  [N/A, ]
[PID: 15164 / kitty kat][C:\Program Files\Alarm Clock\Alarm Clock.exe]  [, 1, 0, 0, 1]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 15936 / kitty kat][C:\Program Files\Alarm Clock\Alarm Clock.exe]  [, 1, 0, 0, 1]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 8276 / kitty kat][C:\Program Files\Alarm Clock\Alarm Clock.exe]  [, 1, 0, 0, 1]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 16152 / SYSTEM][C:\WINDOWS\system32\cmd.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 26048 / kitty kat][C:\Documents and Settings\kitty kat\Desktop\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
[PID: 23196 / kitty kat][C:\Documents and Settings\kitty kat\Desktop\sreng2\SREe50b02f1.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[c:\windows\system32\sigevewo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
	[C:\Documents and Settings\kitty kat\Desktop\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1	   localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1536, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1576, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1632, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\WLKEEPER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 648, C:\PROGRAM FILES\DELL\QUICKSET\NICCONFIGSVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 700, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1244, C:\PROGRAM FILES\VIEWPOINT\COMMON\VIEWPOINTSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3060, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\ZCFGSVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3080, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\IFRMEWRK.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3092, C:\WINDOWS\STSYSTRA.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3400, C:\PROGRA~1\INTEL\WIRELESS\BIN\DOT1XCFG.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 5232, C:\PROGRAM FILES\LAST.FM\LASTFM.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 6000, C:\WINDOWS\SYSTEM32\FASTNETSRV.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 15164, C:\PROGRAM FILES\ALARM CLOCK\ALARM CLOCK.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 15936, C:\PROGRAM FILES\ALARM CLOCK\ALARM CLOCK.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 8276, C:\PROGRAM FILES\ALARM CLOCK\ALARM CLOCK.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 26048, C:\DOCUMENTS AND SETTINGS\KITTY KAT\DESKTOP\SRENG2\SRENGLDR.EXE]

==================================
Scheduled Tasks
N/A

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================
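Added example (not part of the original post, and not SREng's own logic): a short Python triage of a process/module listing in the layout shown above. It flags modules with no publisher information that are mapped from a `\\?\globalroot\` path or that are loaded into processes from several unrelated directories. The sample lines are abridged from the log above; the two heuristics and the threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Sample abridged from the SREng listing in the post above (modules trimmed per process).
SAMPLE_LOG = r"""
[PID: 912 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
    [c:\windows\system32\furajubi.dll]  [N/A, ]
    [\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1576 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe]  [Intel Corporation , 10, 1, 0, 33]
    [C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll]  [N/A, ]
    [C:\Program Files\Intel\Wireless\Bin\IntStngs.dll]  [, 10, 1, 0, 3]
    [C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
    [c:\windows\system32\furajubi.dll]  [N/A, ]
[PID: 648 / SYSTEM][C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe]  [Dell Inc., 7, 0, 7, 0]
    [C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
    [c:\windows\system32\furajubi.dll]  [N/A, ]
[PID: 1356 / kitty kat][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
    [\\?\globalroot\Device\__max++>\487F8A8E.x86.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 5232 / kitty kat][C:\Program Files\Last.fm\LastFM.exe]  [Last.fm, 1.5.4.24567]
    [C:\Program Files\Last.fm\QtCore4.dll]  [N/A, ]
    [C:\WINDOWS\system32\jepafuzi.dll]  [N/A, ]
"""

PROC_RE = re.compile(r"^\[PID: (\d+) / ([^\]]+)\]\[(.+?)\]\s+\[(.*)\]\s*$")
MOD_RE = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]\s*$")
GLOBALROOT = "\\\\?\\globalroot\\"   # the literal prefix \\?\globalroot\


def norm(path):
    """Lower-case a Windows path and drop the NT '\\??\\' prefix."""
    p = path.lower()
    return p[4:] if p.startswith("\\??\\") else p


def parse_modules(log_text):
    """Return {pid: {"image": path, "modules": [(path, publisher), ...]}}."""
    procs, current = {}, None
    for line in log_text.splitlines():
        m = PROC_RE.match(line)
        if m:
            current = {"image": norm(m.group(3)), "modules": []}
            procs[int(m.group(1))] = current
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            # Second bracket is "publisher, version"; publisher may be empty or N/A.
            publisher = m.group(2).split(",", 1)[0].strip()
            current["modules"].append((norm(m.group(1)), publisher))
    return procs


def triage(log_text, min_foreign_dirs=2):
    """Flag no-publisher modules by path namespace or by spread across processes.

    min_foreign_dirs is an assumed threshold: how many process directories,
    other than the module's own, must load it before it is reported.
    """
    host_dirs = defaultdict(set)   # module path -> directories of host processes
    host_pids = defaultdict(set)   # module path -> PIDs that load it
    for pid, proc in parse_modules(log_text).items():
        proc_dir = proc["image"].rpartition("\\")[0]
        for path, publisher in proc["modules"]:
            if publisher.upper() in ("", "N/A"):
                host_dirs[path].add(proc_dir)
                host_pids[path].add(pid)

    findings = {}
    for path, dirs in host_dirs.items():
        foreign = dirs - {path.rpartition("\\")[0]}
        if path.startswith(GLOBALROOT):
            reason = "mapped from a \\\\?\\globalroot\\ path"
        elif len(foreign) >= min_foreign_dirs:
            reason = "no publisher, loaded from %d unrelated directories" % len(foreign)
        else:
            continue
        findings[path] = {"reason": reason, "processes": len(host_pids[path])}
    return findings


if __name__ == "__main__":
    for path, info in sorted(triage(SAMPLE_LOG).items()):
        print("%-55s %d process(es): %s" % (path, info["processes"], info["reason"]))
```

A missing publisher on its own is not a finding: LIBEAY32.dll, QtCore4.dll and rarext.dll also show N/A in this sample, but each loads only beside its own application or into a single host, so none of them is reported.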


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:30 AM

Posted 08 October 2009 - 06:35 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 wonderfull


Posted 08 October 2009 - 10:06 PM

Hi sempai, thank you for helping and for the welcome! :-)

I tried running both kinds of DDS, but neither worked-- I do get the black information screen, and for the first DDS it does stay open for a little while, but the other closes almost immediately (too soon for me to read the text), and neither one produces a log in the end. I don't believe I have any script protection running. Is there anything else I could try?

We also tried gmer.exe in my initial thread (in Am I infected?), but it only got far enough to tell me that it was detecting a rootkit before it closed automatically and refused to open a second time, producing a similar error to the one I was getting with other spyware-removal-related programs on my computer. The only thing that got far enough to produce a log was System Repair Engineer.

:-/

#4 sempai


Posted 09 October 2009 - 07:59 PM

Hello wonderfull,

We apologize for the delay. The forum has been busy.


*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*You must reply within 5 days otherwise this topic will be closed.



Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.

~Semp :(



#5 wonderfull


Posted 10 October 2009 - 10:38 AM

Thank you so much!!!

Volume in drive C has no label.
 Volume Serial Number is 0835-B70E

 Directory of C:\WINDOWS\$hf_mig$\KB968389\SP2QFE

02/06/2009  01:46 PM		   408,064 netlogon.dll
			   1 File(s)		408,064 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e

04/13/2008  07:12 PM		   181,248 scecli.dll

 Directory of C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e

04/13/2008  07:12 PM		   407,040 netlogon.dll

 Directory of C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e

04/13/2008  07:11 PM			56,320 eventlog.dll
			   3 File(s)		644,608 bytes

 Directory of C:\WINDOWS\system32

08/04/2004  05:00 AM		   180,224 scecli.dll

 Directory of C:\WINDOWS\system32

08/04/2004  05:00 AM		   407,040 netlogon.dll

 Directory of C:\WINDOWS\system32

08/04/2004  05:00 AM			61,952 eventlog.dll
			   3 File(s)		649,216 bytes

	 Total Files Listed:
			   7 File(s)	  1,701,888 bytes
			   0 Dir(s)  26,745,237,504 bytes free

Edited by wonderfull, 10 October 2009 - 10:39 AM.


#6 sempai


Posted 12 October 2009 - 07:21 AM

Hi wonderfull,


You are welcome. :( There's no need for you to put the logs in code tags, you can directly post them when you reply.


1. Please do the following:

1. Click on the Start button, then click on Run...
2. In the empty "Open:" box provided, type cmd and press Enter

This will launch a Command Prompt window (looks like DOS).

3. Copy the entire Bold text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

copy C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll C:\ /y

4. In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
5. Press Enter.

When successful, you should get this message within the Command Prompt: "1 file(s) copied"
NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #2) won't work if the file copy was not successful.

6. Exit the Command Prompt window.




2. Download The Avenger2 by SwanDog46.
  • Unzip avenger.exe to your desktop.
  • Copy the text in the following codebox by selecting all of it, and pressing (Ctrl + C) or by right clicking and selecting "Copy"
    Files to move:
    C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
  • Now start The Avenger2 by double clicking avenger.exe on your desktop.
  • Read the prompt that appears, and press OK.
  • Paste the script into the textbox that appears, using (Ctrl + V) or by right clicking and choosing "Paste".
  • Press the "Execute" button.
  • You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  • Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.


3. Please download Combofix from any of the links below but rename it to CFscan before saving it to your desktop. (make sure to disable your anti virus/anti malware programs) - See HERE


Link 1
Link 2


==================================


Double click on the renamed ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.




4. Please save this FILE to your desktop. Click on Start > Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r




Please post the following when you reply:

1. Avenger.txt
2. ComboFix.txt
3. Win32kDiag.txt



~Semp

Edited by sempai, 12 October 2009 - 07:23 AM.



#7 wonderfull


Posted 12 October 2009 - 01:50 PM

Hi Semp, step 1 seemed to be successful, but after Avenger 2 completed its first step and rebooted my computer, it didn't re-open and there was no log. I thought that might mean that the command didn't work even though it did say "1 file(s) copied." :-| Should I still proceed with Step 3?

Thank you!!

Edited by wonderfull, 12 October 2009 - 01:54 PM.


#8 sempai


Posted 12 October 2009 - 08:00 PM

Hi wonderfull,

Please look for the Avenger log at this location: C:\Avenger.txt, then proceed with steps 3 and 4 of my previous post.


Please remember to post the following when you reply:

1. Avenger.txt
2. ComboFix.txt
3. Win32kDiag.txt


~Semp



#9 wonderfull


Posted 13 October 2009 - 05:15 PM

Hello Semp,

I think you fixed it.............!!! :( Even if not, everything is working so much better than before. I'm not having Firefox crash with every other thing I click, and pages that weren't loading before are loading now. I'm afraid to try anything else drastic just yet but judging by everyday things like emails and things, my computer is working perfectly now! I'm so amazed and grateful :( thank you thank you thank you


Avenger.txt

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.



ComboFix.txt

ComboFix 09-10-12.03 - kitty kat 10/13/2009 1:40.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.1033.18.502.115 [GMT -5:00]
Running from: c:\documents and settings\kitty kat\Desktop\CFscan.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Install.txt
c:\windows\system32\bahotobe.dll
c:\windows\system32\bitanazo.dll
c:\windows\system32\buyetuza.dll.tmp
c:\windows\system32\fapumoke.dll
c:\windows\system32\FInstall.sys
c:\windows\system32\genetoda.dll
c:\windows\system32\Install.txt
c:\windows\system32\jepafuzi.dll.tmp
c:\windows\system32\juserolu.dll
c:\windows\system32\kayufegi.dll
c:\windows\system32\koroyogo.dll
c:\windows\system32\lidovafu.dll
c:\windows\system32\mufogizo.dll
c:\windows\system32\namiroto.dll
c:\windows\system32\nayigewa.dll
c:\windows\system32\nozowefa.dll
c:\windows\system32\razusula.dll
c:\windows\system32\sebizawu.dll
c:\windows\system32\tasijapo.dll
c:\windows\system32\tatefumo.dll
c:\windows\system32\tilosomu.dll
c:\windows\system32\yejedotu.dll
c:\windows\system32\zitajalu.dll
c:\windows\TEMP\mta13187.dll
c:\windows\TEMP\mta21693.dll
c:\windows\TEMP\t4m0_591662463069.bk.old
c:\windows\TEMP\x1c23140.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-13 06:48 . 2009-10-13 06:48 -------- d-----w- c:\windows\LastGood
2009-10-13 06:27 . 2009-10-13 06:27 102188 ----a-w- c:\windows\system32\1518b430.exe
2009-10-13 05:24 . 2009-10-13 05:46 -------- d-----w- C:\CFscan
2009-10-06 22:30 . 2009-10-06 22:30 -------- d-----w- C:\news
2009-10-06 21:03 . 2009-10-06 21:03 -------- d-----w- C:\gmer
2009-10-05 19:59 . 2009-10-05 19:59 -------- d-----w- c:\program files\CCleaner
2009-10-05 18:08 . 2009-10-05 18:08 25126 ----a-w- C:\wqtneupy.exe
2009-10-05 18:08 . 2009-10-05 18:08 52224 ----a-w- C:\jkkxvqct.exe
2009-10-05 18:08 . 2009-10-05 18:08 45568 ----a-w- C:\tykcb.exe
2009-10-05 18:08 . 2009-10-05 18:08 167424 ----a-w- C:\nbuh.exe
2009-09-23 10:49 . 2009-09-23 10:49 1911296 ----a-w- c:\windows\system32\6cb62280.dll
2009-09-22 22:34 . 2009-09-22 22:34 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-22 22:34 . 2009-09-22 22:34 -------- d-----w- c:\program files\MSBuild
2009-09-22 22:34 . 2009-09-22 22:34 -------- d-----w- c:\program files\Reference Assemblies
2009-09-22 22:33 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-22 22:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-22 22:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-22 22:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-22 22:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-22 22:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-22 22:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-22 22:33 . 2009-09-22 22:33 -------- d-----w- C:\a1d310df375d9735aa68
2009-09-22 22:27 . 2009-09-22 22:27 -------- d-----w- c:\program files\MSXML 6.0
2009-09-21 02:43 . 2009-10-05 20:12 -------- d-----w- c:\documents and settings\SUSHI
2009-09-20 01:37 . 2009-10-13 05:56 -------- d--h--w- c:\windows\PIF
2009-09-17 23:29 . 2009-10-12 02:49 -------- d-----w- c:\documents and settings\Administrator
2009-09-17 20:42 . 2009-09-17 20:42 2198 ----a-w- C:\nFsu1m.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 10:48 . 2009-10-05 18:10 1934848 ----a-w- c:\program files\mozilla firefox\components\118b70e4.dll
2008-11-05 22:02 . 2007-08-25 04:10 88 --sh--r- c:\windows\system32\3DFB1B457D.sys
2007-11-18 23:04 . 2007-11-18 23:04 56 --sh--r- c:\windows\system32\6253B5E4D2.sys
2008-11-05 22:02 . 2007-08-25 04:10 5278 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-13_05.36.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 06:46 . 2009-10-13 06:46 16384 c:\windows\Temp\Perflib_Perfdata_1ec.dat
+ 2009-10-13 06:25 . 2009-10-13 06:25 16384 c:\windows\Temp\Perflib_Perfdata_1e4.dat
+ 2004-08-04 10:00 . 2004-08-04 10:00 93696 c:\windows\system32\FastNetSrv.exe
+ 2009-10-13 06:47 . 2009-06-29 16:12 1159680 c:\windows\Temp\x1c54589.dll
+ 2009-10-13 06:46 . 2009-06-29 16:12 1159680 c:\windows\Temp\mta38888.dll
+ 2009-10-13 06:47 . 2009-06-29 16:12 1159680 c:\windows\Temp\mta105258.dll
+ 2009-10-13 05:38 . 2009-08-28 19:38 24689600 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02581f1b-cb40-fa2c-da15-d278d1fde428}]
2009-09-23 10:49 1911296 ----a-w- c:\windows\system32\6cb62280.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ECenter"="c:\dell\E-Center\gtb.exe" [2006-06-14 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-09 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"lsdefrag"="C:\wqtneupy.exe" [2009-10-05 25126]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"calc"="c:\docume~1\NETWOR~1\ntuser.dll" [2009-10-05 25088]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\FastNetSrv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 12:51 PM 14336]
R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [8/4/2004 5:00 AM 93696]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2009 12:22 PM 24652]
S1 is-JTIN9drv;is-JTIN9drv;c:\windows\system32\DRIVERS\32651639.sys --> c:\windows\system32\DRIVERS\32651639.sys [?]
S2 mfnvbo;mfnvbo;c:\windows\system32\drivers\hasrpba.sys --> c:\windows\system32\drivers\hasrpba.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BTWSRV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\SUSHI\Application Data\Mozilla\Firefox\Profiles\4lvfl510.default\
FF - component: c:\program files\Mozilla Firefox\components\118b70e4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {5277A62D-7673-400E-969E-115E22BA7D7F} - c:\documents and settings\kitty kat\Local Settings\Application Data\{5277A62D-7673-400E-969E-115E22BA7D7F}
FF - HiddenExtension: XUL Cache: {545D02D6-A67D-4A96-93BF-B148579B5030} - c:\documents and settings\raraface\Local Settings\Application Data\{545D02D6-A67D-4A96-93BF-B148579B5030}
FF - HiddenExtension: XUL Cache: {314540D4-E8E6-4C5F-8DB0-7DFD70D61061} - c:\documents and settings\Kim Hee B\Local Settings\Application Data\{314540D4-E8E6-4C5F-8DB0-7DFD70D61061}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-65447733 - c:\docume~1\ALLUSE~1\APPLIC~1\65447733\65447733.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 01:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\Install.txt
c:\windows\system32\Install.txt 273 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(528)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\snmp.exe
c:\windows\system32\wmdtc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Digital Line Detect\DLG.exe
c:\documents and settings\kitty kat\Desktop\Virus Removal Tool\is-JTIN9\is-JTIN9.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\lsm32.sys
.
**************************************************************************
.
Completion time: 2009-10-13 1:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 06:55
ComboFix2.txt 2009-10-13 05:46
ComboFix3.txt 2009-02-28 07:43

Pre-Run: 28,901,797,888 bytes free
Post-Run: 28,865,126,400 bytes free

233 --- E O F --- 2009-10-13 05:47



Win32Diag.txt

Running from: C:\Documents and Settings\kitty kat\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\kitty kat\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB925720\KB925720

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB925720\KB925720

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\$hf_mig$\KB956390-IE7\KB956390-IE7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB956390-IE7\KB956390-IE7

Found mount point : C:\WINDOWS\$hf_mig$\KB956572\KB956572

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB956572\KB956572

Found mount point : C:\WINDOWS\$hf_mig$\KB956841\KB956841

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB956841\KB956841

Found mount point : C:\WINDOWS\$hf_mig$\KB959426\KB959426

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB959426\KB959426

Found mount point : C:\WINDOWS\$hf_mig$\KB960859\KB960859

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB960859\KB960859

Found mount point : C:\WINDOWS\$hf_mig$\KB961118\KB961118

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB961118\KB961118

Found mount point : C:\WINDOWS\$hf_mig$\KB961373\KB961373

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB961373\KB961373

Found mount point : C:\WINDOWS\$hf_mig$\KB963027-IE7\KB963027-IE7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB963027-IE7\KB963027-IE7

Found mount point : C:\WINDOWS\$hf_mig$\KB971557\KB971557

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971557\KB971557

Found mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657

Found mount point : C:\WINDOWS\$hf_mig$\KB973346\KB973346

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB973346\KB973346

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP241.tmp\ZAP241.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP241.tmp\ZAP241.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP260.tmp\ZAP260.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP260.tmp\ZAP260.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AC.tmp\ZAP2AC.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AC.tmp\ZAP2AC.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E.tmp\ZAP4E.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E.tmp\ZAP4E.tmp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Cannot access: C:\WINDOWS\Install.txt

Attempting to restore permissions of : C:\WINDOWS\Install.txt

[1] 2004-08-04 05:00:00 273 C:\WINDOWS\Install.txt ()

[1] 2004-08-04 05:00:00 267 C:\WINDOWS\system32\Install.txt ()



Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\Managed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\Managed

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Minidump\Minidump

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\pchealth\ErrorRep\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ErrorRep\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ErrorRep\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ErrorRep\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5457b20e4d74937d47b86f91637bd134\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5457b20e4d74937d47b86f91637bd134\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\abcfbcf3d9d76a35839e0526ed748b7b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\abcfbcf3d9d76a35839e0526ed748b7b\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\policy\policy

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\policy\policy

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\msft\msft

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\policy\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\policy\msft\msft

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\policy\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\policy\msft\msft

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7f9ed00b8ab9f384a670920f20096ec5\7f9ed00b8ab9f384a670920f20096ec5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7f9ed00b8ab9f384a670920f20096ec5\7f9ed00b8ab9f384a670920f20096ec5

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Cannot access: C:\WINDOWS\system32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!

Edited by wonderfull, 13 October 2009 - 05:16 PM.


#10 sempai

  • Malware Response Team

Posted 14 October 2009 - 07:23 AM

Hello wonderfull,

Well done. :( Please stay with me until I declare that your logs are clean. :(


1. With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'No', we will run a Combofix script later




2. Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Limewire).

These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then, go to c: > program files and delete the Viewpoint folder.




3. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

KillAll:: 

SRPeek:: 
c:\windows\system32\eventlog.dll

File::  
C:\jkkxvqct.exe
C:\tykcb.exe
C:\nbuh.exe
c:\windows\system32\6cb62280.dll
C:\nFsu1m.bat
c:\windows\system32\3DFB1B457D.sys
c:\windows\system32\6253B5E4D2.sys
c:\windows\system32\DRIVERS\32651639.sys
c:\windows\system32\drivers\hasrpba.sys 
c:\windows\system32\FastNetSrv.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

Driver::
JTIN9drv
mfnvbo
fastnetsrv
BtwSrv

NetSvc::
BtwSrv

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



4. We need to check for rootkits with RootRepeal

  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply.

Please remember to post the following when you reply:
  • ComboFix.txt
  • RootRepeal.txt

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
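
Added example (not part of the original post, and not ComboFix's own code): once ComboFix.txt comes back, it is worth checking which CFScript targets the log actually reports as removed. The Python below parses the File::, Driver:: and NetSvc:: sections of the script above and a trimmed excerpt of the log posted in the reply further down this thread; `split_sections` and `audit` are names chosen for this example.

```python
import re

# CFScript.txt from the post above (SRPeek:: and Registry:: left out here).
CFSCRIPT = r"""
KillAll::

File::
C:\jkkxvqct.exe
C:\tykcb.exe
C:\nbuh.exe
c:\windows\system32\6cb62280.dll
C:\nFsu1m.bat
c:\windows\system32\3DFB1B457D.sys
c:\windows\system32\6253B5E4D2.sys
c:\windows\system32\DRIVERS\32651639.sys
c:\windows\system32\drivers\hasrpba.sys
c:\windows\system32\FastNetSrv.exe

Driver::
JTIN9drv
mfnvbo
fastnetsrv
BtwSrv

NetSvc::
BtwSrv
"""

# Two sections of the ComboFix.txt posted in reply #12, banners shortened.
COMBOFIX_LOG = r"""
((((( Other Deletions )))))
.
C:\jkkxvqct.exe
C:\nbuh.exe
C:\nFsu1m.bat
C:\tykcb.exe
c:\windows\system32\3DFB1B457D.sys
c:\windows\system32\6253B5E4D2.sys
c:\windows\system32\6cb62280.dll
c:\windows\system32\FastNetSrv.exe
c:\windows\system32\FInstall.sys
c:\windows\system32\fupikeke.exe
c:\windows\system32\Install.txt
c:\windows\system32\jodokiso.exe
c:\windows\system32\tufufobu.exe
c:\windows\system32\turizeyu.exe
c:\windows\system32\yeberudu.exe
c:\windows\TEMP\mta13187.dll
.
((((( Drivers/Services )))))
.
-------\Legacy_BTWSRV
-------\Legacy_FASTNETSRV
-------\Legacy_MFNVBO
-------\Service_BtwSrv
-------\Service_fastnetsrv
-------\Service_mfnvbo
"""

SCRIPT_HEADER = r"(\w+)::"            # e.g. "File::"
LOG_BANNER = r"\(+\s*(.+?)\s*\)+"     # e.g. "((( Other Deletions )))"


def split_sections(text, header_re):
    """Group non-empty lines under the most recent line matching header_re."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.fullmatch(header_re, line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif line and line != "." and current is not None:
            current.append(line)
    return sections


def audit(script_text, log_text):
    """Compare what the script targeted with what the log reports removed."""
    script = split_sections(script_text, SCRIPT_HEADER)
    log = split_sections(log_text, LOG_BANNER)
    # Windows paths and service names are case-insensitive, so compare lowercased.
    targeted = {p.lower() for p in script.get("file", [])}
    deleted = {p.lower() for p in log.get("other deletions", [])}
    wanted = {n.lower() for n in script.get("driver", []) + script.get("netsvc", [])}
    removed = set()
    for line in log.get("drivers/services", []):
        m = re.search(r"\\(?:Legacy|Service)_(.+)", line)
        if m:
            removed.add(m.group(1).lower())
    return {
        "files_confirmed": sorted(targeted & deleted),
        "files_not_in_log": sorted(targeted - deleted),
        "extra_deletions": sorted(deleted - targeted),
        "services_confirmed": sorted(wanted & removed),
        "services_not_in_log": sorted(wanted - removed),
    }


if __name__ == "__main__":
    for key, values in audit(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{key}: {values}")
```

A target missing from the log (here two driver files and the JTIN9drv service) was not reported as removed by this run, which is different from confirmed clean, so those are the names to look for in the RootRepeal report.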


#11 sempai

  • Malware Response Team
  • 5,288 posts

Posted 17 October 2009 - 12:38 AM

Hi,

Are you still with us?

~Semp



#12 wonderfull

  • Topic Starter
  • Members
  • 12 posts

Posted 18 October 2009 - 09:36 PM

Hi,

I'm so sorry for the delay! :( If anything it should be me waiting for you, and not the other way around. I realized I had to download the Recovery Console to another computer, so I had to get to one and then school ate my days, but enough of my talking :-X

1. Done!

2. Done! (I forgot I had Limewire on my computer D-: and I've been wondering what Viewpoint was for a long time!)

3. ComboFix.txt -->

ComboFix 09-10-17.01 - kitty kat 10/18/2009 11:26.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.1033.18.502.194 [GMT -5:00]
Running from: c:\documents and settings\kitty kat\Desktop\CFscan.exe
Command switches used :: c:\documents and settings\kitty kat\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"C:\jkkxvqct.exe"
"C:\nbuh.exe"
"C:\nFsu1m.bat"
"C:\tykcb.exe"
"c:\windows\system32\3DFB1B457D.sys"
"c:\windows\system32\6253B5E4D2.sys"
"c:\windows\system32\6cb62280.dll"
"c:\windows\system32\DRIVERS\32651639.sys"
"c:\windows\system32\drivers\hasrpba.sys"
"c:\windows\system32\FastNetSrv.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\jkkxvqct.exe
C:\nbuh.exe
C:\nFsu1m.bat
C:\tykcb.exe
c:\windows\system32\3DFB1B457D.sys
c:\windows\system32\6253B5E4D2.sys
c:\windows\system32\6cb62280.dll
c:\windows\system32\FastNetSrv.exe
c:\windows\system32\FInstall.sys
c:\windows\system32\fupikeke.exe
c:\windows\system32\Install.txt
c:\windows\system32\jodokiso.exe
c:\windows\system32\tufufobu.exe
c:\windows\system32\turizeyu.exe
c:\windows\system32\yeberudu.exe
c:\windows\TEMP\mta13187.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTWSRV
-------\Legacy_FASTNETSRV
-------\Legacy_MFNVBO
-------\Service_BtwSrv
-------\Service_fastnetsrv
-------\Service_mfnvbo


((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
.

2009-10-17 23:35 . 2009-10-17 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\81800926
2009-10-13 06:27 . 2009-10-17 23:36 102188 ----a-w- c:\windows\system32\1518b430.exe
2009-10-13 05:24 . 2009-10-13 05:46 -------- d-----w- C:\CFscan
2009-10-11 21:56 . 2009-10-11 21:56 416256 ----a-w- c:\documents and settings\SUSHI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 02:43 . 2009-10-13 20:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2009-10-06 22:30 . 2009-10-06 22:30 -------- d-----w- C:\news
2009-10-06 21:03 . 2009-10-06 21:03 -------- d-----w- C:\gmer
2009-10-05 20:20 . 2009-10-05 20:20 -------- d-----w- c:\documents and settings\SUSHI\Local Settings\Application Data\Last.fm
2009-10-05 20:20 . 2009-10-05 20:20 -------- d-----w- c:\documents and settings\SUSHI\Application Data\vlc
2009-10-05 19:59 . 2009-10-05 19:59 -------- d-----w- c:\program files\CCleaner
2009-10-05 19:16 . 2009-10-05 19:16 -------- d-----w- c:\documents and settings\SUSHI\Local Settings\Application Data\Mozilla
2009-10-05 18:08 . 2009-10-05 18:08 25126 ----a-w- C:\wqtneupy.exe
2009-09-22 22:58 . 2009-09-22 22:58 677104 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-22 22:34 . 2009-09-22 22:34 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-22 22:34 . 2009-09-22 22:34 -------- d-----w- c:\program files\MSBuild
2009-09-22 22:34 . 2009-09-22 22:34 -------- d-----w- c:\program files\Reference Assemblies
2009-09-22 22:33 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-22 22:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-22 22:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-22 22:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-22 22:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-22 22:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-22 22:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-22 22:33 . 2009-09-22 22:33 -------- d-----w- C:\a1d310df375d9735aa68
2009-09-22 22:27 . 2009-09-22 22:27 -------- d-----w- c:\program files\MSXML 6.0
2009-09-21 02:44 . 2009-09-21 02:44 -------- d-----w- c:\documents and settings\SUSHI\Application Data\GTek
2009-09-21 02:44 . 2009-09-21 02:44 -------- d-----w- c:\documents and settings\SUSHI\Application Data\Malwarebytes
2009-09-20 01:37 . 2009-10-13 05:56 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 16:14 . 2006-07-06 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-18 16:14 . 2006-07-06 02:36 -------- d-----w- c:\program files\Viewpoint
2009-10-18 07:25 . 2007-09-01 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-15 14:04 . 2007-09-13 03:34 -------- d-----w- c:\program files\LimeWire
2009-10-13 04:24 . 2009-10-13 04:24 132 ----a-w- c:\program files\ofiz.txt
2009-10-12 18:51 . 2009-10-12 18:51 132 ----a-w- c:\program files\ipht.txt
2009-10-12 14:20 . 2009-10-12 14:20 132 ----a-w- c:\program files\bgnzyoya.txt
2009-10-06 05:28 . 2007-09-01 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-05 20:26 . 2009-02-23 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 06:28 . 2009-01-06 00:46 416256 ----a-w- c:\documents and settings\kitty kat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 03:48 . 2009-09-05 00:28 -------- d-----w- c:\documents and settings\kitty kat\Application Data\vlc
2009-09-18 06:56 . 2009-01-27 12:33 -------- d-----w- c:\documents and settings\kitty kat\Application Data\Apple Computer
2009-09-11 14:03 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 10:07 . 2007-09-04 02:39 -------- d-----w- c:\program files\MSECache
2009-09-10 19:54 . 2009-02-23 23:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-02-23 23:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 12:00 . 2009-09-09 12:00 -------- d-----w- c:\program files\Alarm Clock
2009-09-05 00:23 . 2009-09-05 00:23 -------- d-----w- c:\documents and settings\kitty kat\Application Data\MozillaControl
2009-09-05 00:11 . 2009-09-05 00:11 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-09-05 00:11 . 2009-09-04 23:53 -------- d-----w- c:\program files\Graboid
2009-09-04 20:45 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 12:25 . 2009-09-03 12:26 43520 ----a-w- c:\windows\system32\drivers\mss.exe
2009-08-29 07:36 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 00:30 . 2007-08-11 05:27 -------- d-----w- c:\program files\AIM6
2009-08-26 08:16 . 2004-08-10 17:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 18:23 . 2009-08-24 18:23 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-08-24 18:18 . 2009-08-24 18:18 -------- d-----w- c:\program files\AIM Toolbar
2009-08-24 18:18 . 2009-08-24 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-08-22 06:47 . 2009-08-22 06:47 -------- d-----w- c:\documents and settings\kitty kat\Application Data\CyberLink
2009-08-21 03:06 . 2009-08-20 21:15 -------- d-----w- c:\documents and settings\kitty kat\Application Data\dvdcss
2009-08-20 21:07 . 2009-08-20 21:07 -------- d-----w- c:\program files\VideoLAN
2009-08-05 09:11 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 12:49 . 2004-08-10 17:51 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02 . 2004-08-04 03:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2008-10-08 04:31 . 2008-10-08 04:31 13880 ----a-w- c:\program files\Common Files\exoqymupap.ban
2008-10-06 22:57 . 2008-10-06 22:57 14416 ----a-w- c:\program files\Common Files\iciw.pif
2008-10-06 22:57 . 2008-10-06 22:57 10929 ----a-w- c:\program files\Common Files\wabewuti.exe
2009-09-23 10:48 . 2009-10-17 23:36 1934848 ----a-w- c:\program files\mozilla firefox\components\118b70e4.dll
2008-11-05 22:02 . 2007-08-25 04:10 5278 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-10-14_02.28.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-18 16:32 . 2009-10-18 16:32 16384 c:\windows\temp\Perflib_Perfdata_750.dat
+ 2007-09-01 14:24 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2007-09-01 14:24 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-10 17:51 . 2009-10-15 22:15 72066 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-10-14 01:56 72066 c:\windows\system32\perfc009.dat
+ 2006-11-08 02:03 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 02:03 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 10:00 . 2004-08-04 10:00 69632 c:\windows\system32\lsm32.sys
- 2004-08-10 17:51 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll
- 2006-11-07 08:26 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 08:26 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-10 17:51 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
+ 2004-08-10 17:51 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-10 17:51 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 16:58 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll
- 2006-10-17 16:58 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2007-04-18 12:46 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-04-18 12:46 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-06-27 14:34 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-06-27 14:34 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 20:45 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2007-04-18 12:46 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-04-18 12:46 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-06-27 08:27 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-06-27 08:27 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-10 17:51 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-11-07 08:26 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 08:26 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-20 10:04 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll
- 2004-08-10 17:50 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-10 17:50 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 10:00 . 2004-08-04 10:00 45568 c:\windows\system32\BtwSrv.dll
+ 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-10-15 22:05 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-15 22:05 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-15 22:05 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-15 22:05 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-15 22:05 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_4f265db8\System.Drawing.Design.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b30d191b\CustomMarshalers.dll
+ 2009-10-15 22:21 . 2009-10-15 22:21 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-15 22:38 . 2009-10-15 22:38 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-15 22:19 . 2009-10-15 22:19 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-15 22:18 . 2009-10-15 22:18 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-15 22:34 . 2009-10-15 22:34 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-15 22:15 . 2009-10-15 22:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-15 22:15 . 2009-10-15 22:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-09-22 22:47 . 2009-09-22 22:47 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-09-22 22:47 . 2009-09-22 22:47 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-10 17:51 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll
+ 2004-08-04 10:00 . 2004-08-04 10:00 131072 c:\windows\system32\wmdtc.exe
+ 2004-08-10 17:51 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll
- 2004-08-10 17:51 . 2009-10-14 01:56 442800 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2009-10-15 22:15 442800 c:\windows\system32\perfh009.dat
+ 2004-08-04 10:00 . 2004-08-04 10:00 131072 c:\windows\system32\opeia.exe
+ 2004-08-10 17:51 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 02:03 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll
+ 2006-10-17 16:57 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll
- 2006-10-17 16:57 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 16:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll
- 2006-10-17 16:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 17:51 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
- 2004-08-10 17:51 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-10 17:51 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2007-04-18 12:46 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll
- 2006-11-08 02:03 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-11-08 02:03 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-10-17 17:05 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 17:05 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll
- 2006-08-21 14:52 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-08-21 14:52 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
- 2006-10-17 17:04 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 17:04 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll
- 2009-06-25 08:44 . 2009-06-25 08:17 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-06-25 08:44 . 2009-09-11 14:03 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2007-04-18 12:46 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-04-18 12:46 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-04-18 12:46 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-04-18 12:46 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-04-18 12:46 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-04-18 12:46 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-06-27 14:34 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-06-27 14:34 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-10-17 17:04 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
- 2007-06-27 14:34 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-06-27 14:34 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 08:27 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:27 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-06-27 14:34 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-06-27 14:34 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2006-11-07 08:25 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-11-07 08:25 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 08:27 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 08:27 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-10 17:51 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-04-18 12:46 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-04-18 12:46 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-04-18 12:46 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-04-18 12:46 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-04-18 12:46 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-04-18 12:46 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-11-07 08:26 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-11-07 08:26 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-10 17:50 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2004-08-10 17:50 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-10-15 22:05 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-15 22:05 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-15 22:05 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-15 22:05 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-15 22:05 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-15 22:05 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6e7379ba\System.Drawing.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f7254fa0\System.Drawing.Design.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_1cb727cc\CustomMarshalers.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-15 22:21 . 2009-10-15 22:21 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-15 22:21 . 2009-10-15 22:21 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-15 22:21 . 2009-10-15 22:21 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-15 22:38 . 2009-10-15 22:38 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-15 22:34 . 2009-10-15 22:34 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-15 22:34 . 2009-10-15 22:34 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-15 22:20 . 2009-10-15 22:20 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-15 22:36 . 2009-10-15 22:36 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-15 22:36 . 2009-10-15 22:36 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-15 22:35 . 2009-10-15 22:35 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-15 22:19 . 2009-10-15 22:19 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-15 22:19 . 2009-10-15 22:19 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-15 22:19 . 2009-10-15 22:19 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-15 22:19 . 2009-10-15 22:19 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-15 22:35 . 2009-10-15 22:35 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-15 22:34 . 2009-10-15 22:34 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-15 22:15 . 2009-10-15 22:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-15 22:15 . 2009-10-15 22:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-15 22:15 . 2009-10-15 22:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-15 22:15 . 2009-10-15 22:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-15 22:15 . 2009-10-15 22:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-15 19:50 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-10 17:51 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
- 2004-08-10 17:51 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll
+ 2004-08-10 17:51 . 2009-08-29 07:36 3598336 c:\windows\system32\mshtml.dll
+ 2006-11-08 02:03 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll
- 2006-11-08 02:03 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2007-04-18 12:46 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-10 17:51 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll
+ 2004-08-10 17:51 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
+ 2007-02-28 09:55 . 2009-08-04 12:51 2185984 c:\windows\system32\dllcache\ntoskrnl.exe
- 2007-02-28 09:15 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 09:15 . 2009-08-04 12:02 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:15 . 2009-02-06 09:49 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 09:15 . 2009-08-04 12:02 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2004-08-10 17:51 . 2009-08-04 12:49 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2004-08-10 17:51 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-05-04 12:59 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll
- 2007-06-27 14:34 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-06-27 14:34 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-10-15 22:05 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-15 22:05 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-15 22:05 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2005-03-02 00:59 . 2009-08-04 12:51 2185984 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2006-07-06 02:25 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2006-07-06 02:25 . 2009-08-04 12:02 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-08-04 12:02 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:34 . 2009-02-06 09:49 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2006-07-06 02:25 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-07-06 02:25 . 2009-08-04 12:49 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-15 22:04 . 2009-10-15 22:04 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fecc7e0f\System.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3281c7fa\System.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b338ce49\System.Xml.dll
+ 2009-10-15 22:05 . 2009-10-15 22:05 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_8b067fc1\System.Xml.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_556d431e\System.Windows.Forms.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_136a8173\System.Windows.Forms.dll
+ 2009-10-15 22:05 . 2009-10-15 22:05 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e100c31e\System.Drawing.dll
+ 2009-10-15 22:05 . 2009-10-15 22:05 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c6368855\System.Design.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3706f53d\System.Design.dll
+ 2009-10-15 22:05 . 2009-10-15 22:05 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_78459ce8\mscorlib.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0e4fefd5\mscorlib.dll
+ 2009-10-15 22:18 . 2009-10-15 22:18 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-15 22:21 . 2009-10-15 22:21 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-10-15 22:17 . 2009-10-15 22:17 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-15 22:21 . 2009-10-15 22:21 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-15 22:38 . 2009-10-15 22:38 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-15 22:38 . 2009-10-15 22:38 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-15 22:38 . 2009-10-15 22:38 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-15 22:38 . 2009-10-15 22:38 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-15 22:20 . 2009-10-15 22:20 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-15 22:34 . 2009-10-15 22:34 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-15 22:20 . 2009-10-15 22:20 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-15 22:34 . 2009-10-15 22:34 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-15 22:20 . 2009-10-15 22:20 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-15 22:20 . 2009-10-15 22:20 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-15 22:36 . 2009-10-15 22:36 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-15 22:20 . 2009-10-15 22:20 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-15 22:36 . 2009-10-15 22:36 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-15 22:20 . 2009-10-15 22:20 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-15 22:19 . 2009-10-15 22:19 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-15 22:19 . 2009-10-15 22:19 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-15 22:17 . 2009-10-15 22:17 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2009-10-15 22:15 . 2009-10-15 22:15 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-15 22:15 . 2009-10-15 22:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-15 22:15 . 2009-10-15 22:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-09-22 22:47 . 2009-09-22 22:47 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-15 22:14 . 2009-10-15 22:14 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-08-25 02:44 . 2007-08-25 02:44 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-15 22:04 . 2009-10-15 22:04 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-15 22:03 . 2009-10-15 22:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-08-25 02:44 . 2007-08-25 02:44 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-13 05:38 . 2009-10-02 18:01 25198016 c:\windows\system32\MRT.exe
+ 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\805286.msp
+ 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\80527d.msp
+ 2009-10-15 22:20 . 2009-10-15 22:20 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-15 22:37 . 2009-10-15 22:37 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-15 22:35 . 2009-10-15 22:35 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-15 22:20 . 2009-10-15 22:20 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-15 22:19 . 2009-10-15 22:19 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-15 22:18 . 2009-10-15 22:18 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-15 22:17 . 2009-10-15 22:17 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ECenter"="c:\dell\E-Center\gtb.exe" [2006-06-14 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-09 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"lsdefrag"="C:\wqtneupy.exe" [2009-10-05 25126]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-29 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-5 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

S1 is-JTIN9drv;is-JTIN9drv;c:\windows\system32\DRIVERS\32651639.sys --> c:\windows\system32\DRIVERS\32651639.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\SUSHI\Application Data\Mozilla\Firefox\Profiles\4lvfl510.default\
FF - component: c:\program files\Mozilla Firefox\components\118b70e4.dll
FF - HiddenExtension: XUL Cache: {5277A62D-7673-400E-969E-115E22BA7D7F} - c:\documents and settings\kitty kat\Local Settings\Application Data\{5277A62D-7673-400E-969E-115E22BA7D7F}
FF - HiddenExtension: XUL Cache: {545D02D6-A67D-4A96-93BF-B148579B5030} - c:\documents and settings\raraface\Local Settings\Application Data\{545D02D6-A67D-4A96-93BF-B148579B5030}
FF - HiddenExtension: XUL Cache: {314540D4-E8E6-4C5F-8DB0-7DFD70D61061} - c:\documents and settings\Kim Hee B\Local Settings\Application Data\{314540D4-E8E6-4C5F-8DB0-7DFD70D61061}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

BHO-{02581f1b-cb40-fa2c-da15-d278d1fde428} - c:\windows\system32\6cb62280.dll
HKLM-Run-09156526 - c:\docume~1\ALLUSE~1\APPLIC~1\09156526\09156526.exe
HKLM-Run-81800926 - c:\docume~1\ALLUSE~1\APPLIC~1\81800926\81800926.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 11:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3496)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\snmp.exe
c:\windows\system32\wscntfy.exe
c:\cfscan20968c\CF32123.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-10-18 11:41 - machine was rebooted [SUSHI]
ComboFix-quarantined-files.txt 2009-10-18 16:41
ComboFix2.txt 2009-10-14 02:30
ComboFix3.txt 2009-10-13 06:55
ComboFix4.txt 2009-10-13 05:46
ComboFix5.txt 2009-10-18 16:06

Pre-Run: 27,939,160,064 bytes free
Post-Run: 28,093,673,472 bytes free

696 --- E O F --- 2009-10-15 22:17


4. RootRepeal.txt -->

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/18 21:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9C3B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89D2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xF8A24000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8819000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

==EOF==



I've been having "Security Tool" pop up lately, and I usually manage to pin down the .exe file (it's usually a series of numbers) and get rid of it right away, but it keeps coming up. I wonder if that is a rootkit?

Again, thank you so much for your help and I apologize wholeheartedly for having taken so long to do this last step! :-/ To even be helped is such a lucky thing and I will definitely respond more promptly this time. Thank you!

#13 sempai

  • Malware Response Team

Posted 19 October 2009 - 07:40 AM

Hi wonderfull,

Again, thank you so much for your help and I apologize wholeheartedly for having taken so long to do this last step!

No worries and you're welcome. :(


I've been wondering what Viewpoint was for a long time!

1. Did you uninstall Viewpoint? If not, please go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then, go to c: > program files and delete the Viewpoint folder.



2. A Windows file was infected by malware; we need to replace it with a clean one.

Download and save the attached file eventlog.zip (clean copy of eventlog.dll) and then extract it to the C:/ directory (make sure to extract it in C:/, otherwise it will not be included in our fix).



3. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

FCopy:: 
c:\eventlog.dll | c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
c:\eventlog.dll | c:\windows\system32\eventlog.dll

Rootkit:: 
c:\program files\Common Files\iciw.pif
c:\program files\Common Files\wabewuti.exe
c:\windows\system32\DRIVERS\32651639.sys
c:\windows\system32\1518b430.exe
C:\wqtneupy.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lsdefrag"=-

Folder::
c:\documents and settings\All Users\Application Data\81800926

Driver::
is-JTIN9drv

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



5. Please create a DDS log.
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please post the following logs when you reply:
  • ComboFix.txt
  • DDS log
~Semp :(

Edited by sempai, 19 October 2009 - 09:25 AM.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#14 wonderfull

  • Topic Starter

Posted 19 October 2009 - 05:21 PM

I had uninstalled Viewpoint already, but I hadn't known to delete the folder in C:\Program Files yet, so I did that just now!



ComboFix.txt

ComboFix 09-10-19.01 - kitty kat 10/19/2009 16:42.6.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.1033.18.502.104 [GMT -5:00]
Running from: c:\documents and settings\kitty kat\Desktop\CFscan.exe
Command switches used :: c:\documents and settings\kitty kat\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\81800926

.
--------------- FCopy ---------------

c:\eventlog.dll --> c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
c:\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS-JTIN9DRV
-------\Service_is-JTIN9drv


((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 21:34 . 2008-04-14 10:41 56320 ------w- C:\eventlog.dll
2009-10-19 01:47 . 2009-10-19 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\90046221
2009-10-13 05:24 . 2009-10-13 05:46 -------- d-----w- C:\CFscan
2009-10-11 21:56 . 2009-10-11 21:56 416256 ----a-w- c:\documents and settings\SUSHI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 02:43 . 2009-10-13 20:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2009-10-06 22:30 . 2009-10-06 22:30 -------- d-----w- C:\news
2009-10-06 21:03 . 2009-10-06 21:03 -------- d-----w- C:\gmer
2009-10-05 20:20 . 2009-10-05 20:20 -------- d-----w- c:\documents and settings\SUSHI\Local Settings\Application Data\Last.fm
2009-10-05 20:20 . 2009-10-05 20:20 -------- d-----w- c:\documents and settings\SUSHI\Application Data\vlc
2009-10-05 19:59 . 2009-10-05 19:59 -------- d-----w- c:\program files\CCleaner
2009-10-05 19:16 . 2009-10-05 19:16 -------- d-----w- c:\documents and settings\SUSHI\Local Settings\Application Data\Mozilla
2009-09-23 10:49 . 2009-09-23 10:49 1911296 ----a-w- c:\windows\system32\6cb62280.dll
2009-09-22 22:58 . 2009-09-22 22:58 677104 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-22 22:34 . 2009-09-22 22:34 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-22 22:34 . 2009-09-22 22:34 -------- d-----w- c:\program files\MSBuild
2009-09-22 22:34 . 2009-09-22 22:34 -------- d-----w- c:\program files\Reference Assemblies
2009-09-22 22:33 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-22 22:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-22 22:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-22 22:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-22 22:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-22 22:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-22 22:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-22 22:33 . 2009-09-22 22:33 -------- d-----w- C:\a1d310df375d9735aa68
2009-09-22 22:27 . 2009-09-22 22:27 -------- d-----w- c:\program files\MSXML 6.0
2009-09-21 02:44 . 2009-09-21 02:44 -------- d-----w- c:\documents and settings\SUSHI\Application Data\GTek
2009-09-21 02:44 . 2009-09-21 02:44 -------- d-----w- c:\documents and settings\SUSHI\Application Data\Malwarebytes
2009-09-20 01:37 . 2009-10-13 05:56 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 16:14 . 2006-07-06 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-18 07:25 . 2007-09-01 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-15 14:04 . 2007-09-13 03:34 -------- d-----w- c:\program files\LimeWire
2009-10-13 04:24 . 2009-10-13 04:24 132 ----a-w- c:\program files\ofiz.txt
2009-10-12 18:51 . 2009-10-12 18:51 132 ----a-w- c:\program files\ipht.txt
2009-10-12 14:20 . 2009-10-12 14:20 132 ----a-w- c:\program files\bgnzyoya.txt
2009-10-06 05:28 . 2007-09-01 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-05 20:26 . 2009-02-23 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 06:28 . 2009-01-06 00:46 416256 ----a-w- c:\documents and settings\kitty kat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 03:48 . 2009-09-05 00:28 -------- d-----w- c:\documents and settings\kitty kat\Application Data\vlc
2009-09-18 06:56 . 2009-01-27 12:33 -------- d-----w- c:\documents and settings\kitty kat\Application Data\Apple Computer
2009-09-11 14:03 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 10:07 . 2007-09-04 02:39 -------- d-----w- c:\program files\MSECache
2009-09-10 19:54 . 2009-02-23 23:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-02-23 23:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 12:00 . 2009-09-09 12:00 -------- d-----w- c:\program files\Alarm Clock
2009-09-05 00:23 . 2009-09-05 00:23 -------- d-----w- c:\documents and settings\kitty kat\Application Data\MozillaControl
2009-09-05 00:11 . 2009-09-05 00:11 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-09-05 00:11 . 2009-09-04 23:53 -------- d-----w- c:\program files\Graboid
2009-09-04 20:45 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 12:25 . 2009-09-03 12:26 43520 ----a-w- c:\windows\system32\drivers\mss.exe
2009-08-29 07:36 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 00:30 . 2007-08-11 05:27 -------- d-----w- c:\program files\AIM6
2009-08-26 08:16 . 2004-08-10 17:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 18:23 . 2009-08-24 18:23 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-08-24 18:18 . 2009-08-24 18:18 -------- d-----w- c:\program files\AIM Toolbar
2009-08-24 18:18 . 2009-08-24 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-08-22 06:47 . 2009-08-22 06:47 -------- d-----w- c:\documents and settings\kitty kat\Application Data\CyberLink
2009-08-21 03:06 . 2009-08-20 21:15 -------- d-----w- c:\documents and settings\kitty kat\Application Data\dvdcss
2009-08-05 09:11 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 12:49 . 2004-08-10 17:51 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02 . 2004-08-04 03:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2008-10-08 04:31 . 2008-10-08 04:31 13880 ----a-w- c:\program files\Common Files\exoqymupap.ban
2008-11-05 22:02 . 2007-08-25 04:10 5278 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-10-18_16.38.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-19 21:10 . 2009-10-19 21:10 16384 c:\windows\temp\Perflib_Perfdata_22c.dat
+ 2009-10-19 21:50 . 2009-10-19 21:50 16384 c:\windows\temp\Perflib_Perfdata_21c.dat
+ 2004-08-10 17:51 . 2004-08-04 10:00 55808 c:\windows\system32\dllcache\eventlog.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02581f1b-cb40-fa2c-da15-d278d1fde428}]
2009-09-23 10:49 1911296 ----a-w- c:\windows\system32\6cb62280.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ECenter"="c:\dell\E-Center\gtb.exe" [2006-06-14 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-09 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\kitty kat\Start Menu\Programs\Startup\
is-JTIN9.lnk - c:\documents and settings\kitty kat\Desktop\Virus Removal Tool\is-JTIN9\startup.exe [2009-9-17 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-29 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-5 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\kitty kat\Application Data\Mozilla\Firefox\Profiles\7y2xm6fx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - HiddenExtension: XUL Cache: {5277A62D-7673-400E-969E-115E22BA7D7F} - c:\documents and settings\kitty kat\Local Settings\Application Data\{5277A62D-7673-400E-969E-115E22BA7D7F}
FF - HiddenExtension: XUL Cache: {545D02D6-A67D-4A96-93BF-B148579B5030} - c:\documents and settings\raraface\Local Settings\Application Data\{545D02D6-A67D-4A96-93BF-B148579B5030}
FF - HiddenExtension: XUL Cache: {314540D4-E8E6-4C5F-8DB0-7DFD70D61061} - c:\documents and settings\Kim Hee B\Local Settings\Application Data\{314540D4-E8E6-4C5F-8DB0-7DFD70D61061}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-90046221 - c:\docume~1\ALLUSE~1\APPLIC~1\90046221\90046221.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 16:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2724)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\snmp.exe
c:\windows\system32\wscntfy.exe
c:\cfscan14158c\CF17895.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-10-19 16:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 21:59
ComboFix2.txt 2009-10-18 16:41
ComboFix3.txt 2009-10-14 02:30
ComboFix4.txt 2009-10-13 06:55
ComboFix5.txt 2009-10-19 21:40

Pre-Run: 28,027,482,112 bytes free
Post-Run: 28,004,446,208 bytes free

- - End Of File - - 186A56F13849F9DD3E6CFFEB613B02C1




DDS.txt

DDS (Ver_09-10-13.01) - NTFSx86
Run by kitty kat at 17:10:05.63 on Mon 10/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.1033.18.502.248 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\kitty kat\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: productexpress: {02581f1b-cb40-fa2c-da15-d278d1fde428} - c:\windows\system32\6cb62280.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ECenter] "c:\dell\e-center\gtb.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\kitty kat\start menu\programs\startup\is-jtin9.lnk - c:\documents and settings\kitty kat\desktop\virus removal tool\is-jtin9\startup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kitty kat\application data\mozilla\firefox\profiles\7y2xm6fx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - HiddenExtension: XUL Cache: {5277A62D-7673-400E-969E-115E22BA7D7F} - c:\documents and settings\kitty kat\local settings\application data\{5277A62D-7673-400E-969E-115E22BA7D7F}
FF - HiddenExtension: XUL Cache: {545D02D6-A67D-4A96-93BF-B148579B5030} - c:\documents and settings\raraface\local settings\application data\{545D02D6-A67D-4A96-93BF-B148579B5030}
FF - HiddenExtension: XUL Cache: {314540D4-E8E6-4C5F-8DB0-7DFD70D61061} - c:\documents and settings\kim hee b\local settings\application data\{314540D4-E8E6-4C5F-8DB0-7DFD70D61061}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-19 16:34 56,320 -------- C:\eventlog.dll
2009-10-18 20:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\90046221
2009-10-18 11:07 <DIR> a-dshr-- C:\cmdcons
2009-10-13 17:03 1,393 a------- c:\windows\imsins.BAK
2009-10-13 00:24 <DIR> --d----- C:\CFscan
2009-10-12 23:57 236,544 a------- c:\windows\PEV.exe
2009-10-11 21:48 2,148 a------- c:\windows\system32\wpa.dbl
2009-10-06 17:30 <DIR> --d----- C:\news
2009-10-06 16:03 <DIR> --d----- C:\gmer
2009-10-05 15:09 <DIR> --d----- c:\windows\pss
2009-10-05 14:59 <DIR> --d----- c:\program files\CCleaner
2009-09-30 16:20 436 a------- C:\2.js
2009-09-23 12:55 1,089,601 -------- c:\windows\system32\dllcache\ntprint.cat
2009-09-23 05:49 1,911,296 a------- c:\windows\system32\6cb62280.dll
2009-09-22 17:34 <DIR> --d----- c:\windows\system32\XPSViewer
2009-09-22 17:33 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-09-22 17:33 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-22 17:33 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-22 17:33 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-09-22 17:33 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-22 17:33 117,760 -------- c:\windows\system32\prntvpt.dll
2009-09-22 17:33 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-22 17:33 <DIR> --d----- C:\a1d310df375d9735aa68
2009-09-22 17:27 <DIR> --d----- c:\program files\MSXML 6.0
2009-09-19 20:37 <DIR> --d-h--- c:\windows\PIF

==================== Find3M ====================

2009-10-12 23:24 132 a------- c:\program files\ofiz.txt
2009-10-12 13:51 132 a------- c:\program files\ipht.txt
2009-10-12 09:20 132 a------- c:\program files\bgnzyoya.txt
2009-09-24 02:15 416,256 a------- c:\docume~1\kitty kat\application data\GDIPFONTCACHEV1.DAT
2009-09-11 09:03 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 09:03 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 15:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 15:45 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-09-03 07:25 43,520 a------- c:\windows\system32\drivers\mss.exe
2009-08-28 05:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 05:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 00:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 00:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 03:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 03:16 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-21 04:46 450,560 a------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:11 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 07:51 2,185,984 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 07:49 2,142,720 a------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 07:49 2,142,720 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 07:02 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-04 07:02 2,020,864 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 07:02 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-07 23:31 13,880 a------- c:\program files\common files\exoqymupap.ban
2008-11-05 17:02 5,278 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:10:49.68 ===============



Thank you so much! :(


#15 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:30 AM

Posted 20 October 2009 - 06:59 AM

Hi,

Can you please tell me something about the folder named Virus Removal Tool that is located on your desktop?


1. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)

   1. Close any open browsers.

   2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

   3. Open notepad and copy/paste the text in the code box below into it:

File::
c:\windows\system32\6cb62280.dll

Folder::
c:\documents and settings\All Users\Application Data\90046221
c:\documents and settings\All Users\Application Data\Viewpoint

DDS::
BHO: productexpress: {02581f1b-cb40-fa2c-da15-d278d1fde428} - c:\windows\system32\6cb62280.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



2. Please run your Malwarebytes Anti-Malware. Go to the Update tab and install all updates, and then perform a full scan. When the scan is done it will produce a log; please post that log for my analysis.


3. Lastly, please create a fresh DDS log and post it when you reply. Thanks.



~Semp :(


If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
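The two DDS entries carried into the CFScript above can be picked out of the log mechanically. This Python script is an added example, not part of the original post and not how DDS or ComboFix work internally: it parses the `BHO:`/`TB:` lines and cross-checks them against the dated file rows. The flagging heuristics (orphaned "No File" registrations, hex-only DLL names directly in system32, targets that also appear in the recent-files sections) are assumptions chosen for illustration, and the sample input is a handful of lines copied from the log in this thread.

```python
import re

# Constructed sample: a few lines copied from the DDS log in this thread.
SAMPLE = r"""
BHO: productexpress: {02581f1b-cb40-fa2c-da15-d278d1fde428} - c:\windows\system32\6cb62280.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
2009-09-23 05:49 1,911,296 a------- c:\windows\system32\6cb62280.dll
2009-09-22 17:33 117,760 -------- c:\windows\system32\prntvpt.dll
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "BHO: name: {clsid} - target" or "TB: {clsid} - target" (the name is optional)
ENTRY = re.compile(rf"^(BHO|TB):\s+(?:(.*?):\s+)?({CLSID})\s+-\s+(.+?)\s*$")
# "Created Last 30" / "Find3M" rows: date, time, size or <DIR>, attributes, path
FILE_ROW = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+\S+\s+(.+?)\s*$")
# Heuristic (assumption): hex-only 8-character module name directly in system32
HEX_NAME = re.compile(r"\\system32\\[0-9a-f]{8}\.dll$", re.I)

def parse(log):
    """Return (browser add-on entries, set of lower-cased paths from file rows)."""
    entries, recent = [], set()
    for line in log.splitlines():
        if m := ENTRY.match(line):
            kind, name, clsid, target = m.groups()
            entries.append({"kind": kind, "name": name, "clsid": clsid, "target": target})
        elif m := FILE_ROW.match(line):
            recent.add(m.group(1).lower())
    return entries, recent

def triage(log):
    """List (kind, clsid, reasons) for entries that deserve a closer look."""
    entries, recent = parse(log)
    findings = []
    for e in entries:
        reasons = []
        if e["target"] == "No File":
            reasons.append("orphaned registration")
        if HEX_NAME.search(e["target"]):
            reasons.append("hex-named DLL in system32")
        if e["target"].lower() in recent:
            reasons.append("file appears in recent-files section")
        if reasons:
            findings.append((e["kind"], e["clsid"], reasons))
    return findings

if __name__ == "__main__":
    for kind, clsid, reasons in triage(SAMPLE):
        print(kind, clsid, "; ".join(reasons))
```

A flagged entry is a prompt for manual review, not a verdict: legitimate software can trip each of these heuristics.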




