not a valid win32 application [RESOLVED]



#16
dominic951

-- MANUALLY SKIPPED apple mobile device localized stuff...too much senseless infos i think :) --
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.tlb"=dword:00000002
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.tlb"=dword:00000002
"C:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.tlb"=dword:00000002
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.tlb"=dword:00000002
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\corperfmonsymbols.ini"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.ini"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\_Networkingperfcounters.ini"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.ini"=dword:00000001
"C:\windows\system32\MUI\0409\mscorees.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.chm"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_iehost.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_system.data.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll"=dword:00000001
"C:\windows\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.1.4322\System.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.0.3705\System.tlb"=dword:00001000
"C:\windows\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb"=dword:00001000
"C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll"=dword:00000001
"C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\Setup.dll"=dword:00000001
"C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe"=dword:00000001
"C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll"=dword:00000001
"C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll"=dword:00000001
"C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll"=dword:00000001
"C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\IGDI.dll"=dword:00000001
"C:\Program Files\Common Files\InstallShield\Professional\RunTime\IKernel.rgs"=dword:00000001
"C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll"=dword:00000001
"C:\windows\eSellerateEngine.dll"=dword:00000002
"C:\WINDOWS\Downloaded Program Files\asinst.dll"=dword:00000001
"C:\windows\system32\actskin4.ocx"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="C:\windows\system32\drivers\hldrrr.exe"

scanning hidden files ...

C:\windows\system32\drivers\srosa.sys 93712 bytes executable
C:\windows\system32\drivers\hldrrr.exe 647168 bytes executable
C:\windows\system32\drivers\down
C:\windows\system32\drivers\down\1353968.exe 14173 bytes
C:\windows\system32\drivers\down\1354343.exe 666116 bytes executable
C:\windows\system32\drivers\down\1366453.exe 197 bytes
C:\windows\system32\drivers\down\1368500.exe 628 bytes
C:\windows\system32\drivers\down\1373484.exe 13389 bytes
C:\windows\system32\drivers\down\1391593.exe 805 bytes
C:\windows\system32\drivers\down\1395187.exe 6958 bytes
C:\windows\system32\drivers\down\1396859.exe 546 bytes
C:\windows\system32\drivers\down\1407640.exe 685 bytes
C:\windows\system32\drivers\down\1411750.exe 648 bytes
C:\windows\system32\drivers\down\1416859.exe 13020 bytes
C:\windows\system32\drivers\down\1420531.exe 212 bytes
C:\windows\system32\drivers\down\1434187.exe 1609 bytes
C:\windows\system32\drivers\down\1434546.exe 212 bytes
C:\windows\system32\drivers\down\1437484.exe 608 bytes
C:\windows\system32\drivers\down\1472515.exe 632 bytes
C:\windows\system32\drivers\down\1476421.exe 9919 bytes
C:\windows\system32\drivers\down\172640.exe 14173 bytes
C:\windows\system32\drivers\down\173859.exe 197 bytes
C:\windows\system32\drivers\down\174578.exe 71684 bytes executable
C:\windows\system32\drivers\down\176718.exe 628 bytes
C:\windows\system32\drivers\down\177937.exe 14173 bytes
C:\windows\system32\drivers\down\178125.exe 14173 bytes
C:\windows\system32\drivers\down\178421.exe 666116 bytes executable
C:\windows\system32\drivers\down\178578.exe 666116 bytes executable
C:\windows\system32\drivers\down\179765.exe 14173 bytes
C:\windows\system32\drivers\down\73333171.exe 628 bytes
C:\windows\system32\drivers\down\73341906.exe 13381 bytes
C:\windows\system32\drivers\down\73358890.exe 805 bytes
C:\windows\system32\drivers\down\73363125.exe 6958 bytes
C:\windows\system32\drivers\down\73364859.exe 546 bytes
C:\windows\system32\drivers\down\73370093.exe 685 bytes
C:\windows\system32\drivers\down\73373531.exe 648 bytes
C:\windows\system32\drivers\down\73378078.exe 13012 bytes
C:\windows\system32\drivers\down\73381296.exe 212 bytes
C:\windows\system32\drivers\down\73383125.exe 1609 bytes
C:\windows\system32\drivers\down\73383359.exe 212 bytes
C:\windows\system32\drivers\down\73386328.exe 608 bytes
C:\windows\system32\drivers\down\73420906.exe 632 bytes
C:\windows\system32\drivers\down\73424640.exe 9919 bytes
C:\windows\system32\drivers\down\
#17
dominic951

C:\windows\system32\drivers\down\737703.exe 13330 bytes
C:\windows\system32\drivers\down\87832265.exe 14173 bytes
C:\windows\system32\drivers\down\87832578.exe 657412 bytes executable
C:\windows\system32\drivers\down\58836296.exe 6958 bytes
C:\windows\system32\drivers\down\58837968.exe 546 bytes
C:\windows\system32\drivers\down\58840296.exe 685 bytes
C:\windows\system32\drivers\down\58844937.exe 648 bytes
C:\windows\system32\drivers\down\58850468.exe 13011 bytes
C:\windows\system32\drivers\down\58853859.exe 212 bytes
C:\windows\system32\drivers\down\58863484.exe 1609 bytes
C:\windows\system32\drivers\down\58865343.exe 212 bytes
C:\windows\system32\drivers\down\58867734.exe 608 bytes
C:\windows\system32\drivers\down\58900578.exe 632 bytes
C:\windows\system32\drivers\down\58904531.exe 9919 bytes
C:\windows\system32\drivers\down\701281.exe 14173 bytes
C:\windows\system32\drivers\down\711125.exe 197 bytes
C:\windows\system32\drivers\down\712093.exe 71684 bytes executable
C:\windows\system32\drivers\down\722750.exe 628 bytes
C:\windows\system32\drivers\down\73314687.exe 14173 bytes
C:\windows\system32\drivers\down\73315109.exe 657412 bytes executable
C:\windows\system32\drivers\down\227859.exe 805 bytes
C:\windows\system32\drivers\down\230031.exe 805 bytes
C:\windows\system32\drivers\down\231750.exe 13019 bytes
C:\windows\system32\drivers\down\234046.exe 6958 bytes
C:\windows\system32\drivers\down\234500.exe 212 bytes
C:\windows\system32\drivers\down\235218.exe 1609 bytes
C:\windows\system32\drivers\down\235515.exe 212 bytes
C:\windows\system32\drivers\down\235671.exe 546 bytes
C:\windows\system32\drivers\down\238328.exe 6958 bytes
C:\windows\system32\drivers\down\238453.exe 608 bytes
C:\windows\system32\drivers\down\240015.exe 546 bytes
C:\windows\system32\drivers\down\240937.exe 685 bytes
C:\windows\system32\drivers\down\243609.exe 805 bytes
C:\windows\system32\drivers\down\243656.exe 648 bytes
C:\windows\system32\drivers\down\248421.exe 13020 bytes
C:\windows\system32\drivers\down\251906.exe 212 bytes
C:\windows\system32\drivers\down\252703.exe 1609 bytes
C:\windows\system32\drivers\down\257078.exe 212 bytes
C:\windows\system32\drivers\down\259171.exe 608 bytes
C:\windows\system32\drivers\down\290562.exe 632 bytes
C:\windows\system32\drivers\down\87837000.exe 71172 bytes executable
C:\windows\system32\drivers\down\87838437.exe 628 bytes
C:\windows\system32\drivers\down\87842609.exe 13398 bytes
C:\windows\system32\drivers\down\87862359.exe 805 bytes
C:\windows\system32\drivers\down\87865781.exe 6958 bytes
C:\windows\system32\drivers\down\87867531.exe 546 bytes
C:\windows\system32\drivers\down\87870265.exe 685 bytes
C:\windows\system32\drivers\down\87872296.exe 648 bytes
C:\windows\system32\drivers\down\87876937.exe 13029 bytes
C:\windows\system32\drivers\down\87879812.exe 212 bytes
C:\windows\system32\drivers\down\87883500.exe 1609 bytes
C:\windows\system32\drivers\down\87883734.exe 212 bytes
C:\windows\system32\drivers\down\87886687.exe 608 bytes
C:\windows\system32\drivers\down\87917765.exe 632 bytes
C:\windows\system32\drivers\down\87921406.exe 9919 bytes
C:\windows\system32\drivers\down\893750.exe 14173 bytes
C:\windows\system32\drivers\down\894187.exe 666116 bytes executable
C:\windows\system32\drivers\down\895375.exe 197 bytes
C:\windows\system32\drivers\down\896109.exe 71684 bytes executable
C:\windows\system32\drivers\down\897171.exe 628 bytes
C:\windows\system32\drivers\down\899671.exe 74244 bytes executable
C:\windows\system32\drivers\down\901609.exe 13389 bytes
C:\windows\system32\drivers\down\180593.exe 197 bytes
C:\windows\system32\drivers\down\180812.exe 197 bytes
C:\windows\system32\drivers\down\181546.exe 71172 bytes executable
C:\windows\system32\drivers\down\181578.exe 71684 bytes executable
C:\windows\system32\drivers\down\182593.exe 628 bytes
C:\windows\system32\drivers\down\182609.exe 628 bytes
C:\windows\system32\drivers\down\182781.exe 197 bytes
C:\windows\system32\drivers\down\183171.exe 13330 bytes
C:\windows\system32\drivers\down\183531.exe 71684 bytes executable
C:\windows\system32\drivers\down\185890.exe 628 bytes
C:\windows\system32\drivers\down\187953.exe 13389 bytes
C:\windows\system32\drivers\down\188062.exe 14173 bytes
C:\windows\system32\drivers\down\188453.exe 666116 bytes executable
C:\windows\system32\drivers\down\190609.exe 197 bytes
C:\windows\system32\drivers\down\191359.exe 71684 bytes executable
C:\windows\system32\drivers\down\194281.exe 628 bytes
C:\windows\system32\drivers\down\205921.exe 805 bytes
C:\windows\system32\drivers\down\207125.exe 805 bytes
C:\windows\system32\drivers\down\207781.exe 13389 bytes
C:\windows\system32\drivers\down\210437.exe 6958 bytes
C:\windows\system32\drivers\down\210578.exe 13321 bytes
C:\windows\system32\drivers\down\212078.exe 546 bytes
C:\windows\system32\drivers\down\218750.exe 13389 bytes
C:\windows\system32\drivers\down\223656.exe 685 bytes
C:\windows\system32\drivers\down\180281.exe 666116 bytes executable
C:\windows\system32\drivers\down\226140.exe 648 bytes
C:\windows\system32\drivers\down\291421.exe 632 bytes
C:\windows\system32\drivers\down\58824156.exe 805 bytes
C:\windows\system32\drivers\down\73331437.exe 197 bytes
C:\windows\system32\drivers\down\87836828.exe 197 bytes
C:\windows\system32\drivers\down\294531.exe 9919 bytes
C:\windows\system32\drivers\down\295390.exe 9919 bytes
C:\windows\system32\drivers\down\326390.exe 14173 bytes
C:\windows\system32\drivers\down\326796.exe 666116 bytes executable
C:\windows\system32\drivers\down\328921.exe 197 bytes
C:\windows\system32\drivers\down\329859.exe 71684 bytes executable
C:\windows\system32\drivers\down\331812.exe 628 bytes
C:\windows\system32\drivers\down\336250.exe 13321 bytes
C:\windows\system32\drivers\down\351515.exe 805 bytes
C:\windows\system32\drivers\down\355765.exe 6958 bytes
C:\windows\system32\drivers\down\357359.exe 546 bytes
C:\windows\system32\drivers\down\367906.exe 685 bytes
C:\windows\system32\drivers\down\373750.exe 648 bytes
C:\windows\system32\drivers\down\378453.exe 13020 bytes
C:\windows\system32\drivers\down\381234.exe 212 bytes
C:\windows\system32\drivers\down\382687.exe 1609 bytes
C:\windows\system32\drivers\down\383625.exe 212 bytes
C:\windows\system32\drivers\down\385218.exe 608 bytes
C:\windows\system32\drivers\down\420062.exe 632 bytes
C:\windows\system32\drivers\down\424000.exe 9919 bytes
C:\windows\system32\drivers\down\5798875.exe 6958 bytes
C:\windows\system32\drivers\down\5800765.exe 546 bytes
C:\windows\system32\drivers\down\5811515.exe 685 bytes
C:\windows\system32\drivers\down\5815656.exe 648 bytes
C:\windows\system32\drivers\down\5821640.exe 13019 bytes
C:\windows\system32\drivers\down\5824593.exe 212 bytes
C:\windows\system32\drivers\down\5826937.exe 1609 bytes
C:\windows\system32\drivers\down\5836890.exe 212 bytes
C:\windows\system32\drivers\down\5838718.exe 608 bytes
C:\windows\system32\drivers\down\5875343.exe 632 bytes
C:\windows\system32\drivers\down\5880421.exe 9919 bytes
C:\windows\ime\shared
C:\windows\ime\shared\res
C:\Program Files\Movie Maker\Shared
C:\Program Files\Movie Maker\Shared\Empty.txt 18 bytes
C:\Program Files\Movie Maker\Shared\Filters.xml 7591 bytes
C:\Program Files\Movie Maker\Shared\news.png 138660 bytes
C:\Program Files\Movie Maker\Shared\paint.png 67213 bytes
C:\Program Files\Movie Maker\Shared\Profiles
C:\Program Files\Movie Maker\Shared\Profiles\Blank.txt 21 bytes
C:\Program Files\Movie Maker\Shared\Sample1.jpg 62732 bytes
C:\Program Files\Movie Maker\Shared\Sample2.jpg 46822 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 177


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 23 Jan 2008 211 A.SH. --- "C:\BOOT.BAK"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT5.tmp"

Finished!




ComboFix Log:
ComboFix 08-03-10.1 - dominic 2008-03-13 18:57:00.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.646 [GMT 1:00]
Running from: C:\Documents and Settings\dominic\Desktop\New Folder\domo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\system32\drivers\down
C:\windows\system32\drivers\down\1353968.exe
C:\windows\system32\drivers\down\1354343.exe
C:\windows\system32\drivers\down\1366453.exe
C:\windows\system32\drivers\down\1368500.exe
C:\windows\system32\drivers\down\1373484.exe
C:\windows\system32\drivers\down\1391593.exe
C:\windows\system32\drivers\down\1395187.exe
C:\windows\system32\drivers\down\1396859.exe
C:\windows\system32\drivers\down\1407640.exe
C:\windows\system32\drivers\down\1411750.exe
C:\windows\system32\drivers\down\1416859.exe
C:\windows\system32\drivers\down\1420531.exe
C:\windows\system32\drivers\down\1434187.exe
C:\windows\system32\drivers\down\1434546.exe
C:\windows\system32\drivers\down\1437484.exe
C:\windows\system32\drivers\down\1472515.exe
C:\windows\system32\drivers\down\1476421.exe
C:\windows\system32\drivers\down\172640.exe
C:\windows\system32\drivers\down\173859.exe
C:\windows\system32\drivers\down\174578.exe
C:\windows\system32\drivers\down\176718.exe
C:\windows\system32\drivers\down\177937.exe
C:\windows\system32\drivers\down\178125.exe
C:\windows\system32\drivers\down\178421.exe
C:\windows\system32\drivers\down\178578.exe
C:\windows\system32\drivers\down\179765.exe
C:\windows\system32\drivers\down\180281.exe
C:\windows\system32\drivers\down\180593.exe
C:\windows\system32\drivers\down\180812.exe
C:\windows\system32\drivers\down\181546.exe
C:\windows\system32\drivers\down\181578.exe
C:\windows\system32\drivers\down\182593.exe
C:\windows\system32\drivers\down\182609.exe
C:\windows\system32\drivers\down\182781.exe
C:\windows\system32\drivers\down\183171.exe
C:\windows\system32\drivers\down\183531.exe
C:\windows\system32\drivers\down\185890.exe
C:\windows\system32\drivers\down\187953.exe
C:\windows\system32\drivers\down\188062.exe
C:\windows\system32\drivers\down\188453.exe
C:\windows\system32\drivers\down\190609.exe
C:\windows\system32\drivers\down\191359.exe
C:\windows\system32\drivers\down\194281.exe
C:\windows\system32\drivers\down\205921.exe
C:\windows\system32\drivers\down\207125.exe
C:\windows\system32\drivers\down\207781.exe
C:\windows\system32\drivers\down\210437.exe
C:\windows\system32\drivers\down\210578.exe
C:\windows\system32\drivers\down\212078.exe
C:\windows\system32\drivers\down\218750.exe
C:\windows\system32\drivers\down\223656.exe
C:\windows\system32\drivers\down\226140.exe
C:\windows\system32\drivers\down\227859.exe
C:\windows\system32\drivers\down\230031.exe
C:\windows\system32\drivers\down\231750.exe
C:\windows\system32\drivers\down\234046.exe
C:\windows\system32\drivers\down\234500.exe
C:\windows\system32\drivers\down\235218.exe
C:\windows\system32\drivers\down\235515.exe
C:\windows\system32\drivers\down\235671.exe
C:\windows\system32\drivers\down\238328.exe
C:\windows\system32\drivers\down\238453.exe
C:\windows\system32\drivers\down\240015.exe
C:\windows\system32\drivers\down\240937.exe
C:\windows\system32\drivers\down\243609.exe
C:\windows\system32\drivers\down\243656.exe
C:\windows\system32\drivers\down\248421.exe
C:\windows\system32\drivers\down\251906.exe
C:\windows\system32\drivers\down\252703.exe
C:\windows\system32\drivers\down\257078.exe
C:\windows\system32\drivers\down\259171.exe
C:\windows\system32\drivers\down\290562.exe
C:\windows\system32\drivers\down\291421.exe
C:\windows\system32\drivers\down\294531.exe
C:\windows\system32\drivers\down\295390.exe
C:\windows\system32\drivers\down\326390.exe
C:\windows\system32\drivers\down\326796.exe
C:\windows\system32\drivers\down\328921.exe
C:\windows\system32\drivers\down\329859.exe
C:\windows\system32\drivers\down\331812.exe
C:\windows\system32\drivers\down\336250.exe
C:\windows\system32\drivers\down\351515.exe
C:\windows\system32\drivers\down\355765.exe
C:\windows\system32\drivers\down\357359.exe
C:\windows\system32\drivers\down\367906.exe
C:\windows\system32\drivers\down\373750.exe
C:\windows\system32\drivers\down\378453.exe
C:\windows\system32\drivers\down\381234.exe
C:\windows\system32\drivers\down\382687.exe
C:\windows\system32\drivers\down\383625.exe
C:\windows\system32\drivers\down\385218.exe
C:\windows\system32\drivers\down\420062.exe
C:\windows\system32\drivers\down\424000.exe
C:\windows\system32\drivers\down\5798875.exe
C:\windows\system32\drivers\down\5800765.exe
C:\windows\system32\drivers\down\5811515.exe
C:\windows\system32\drivers\down\5815656.exe
C:\windows\system32\drivers\down\5821640.exe
C:\windows\system32\drivers\down\5824593.exe
C:\windows\system32\drivers\down\5826937.exe
C:\windows\system32\drivers\down\5836890.exe
C:\windows\system32\drivers\down\5838718.exe
C:\windows\system32\drivers\down\5875343.exe
C:\windows\system32\drivers\down\5880421.exe
C:\windows\system32\drivers\down\58824156.exe
C:\windows\system32\drivers\down\58836296.exe
C:\windows\system32\drivers\down\58837968.exe
C:\windows\system32\drivers\down\58840296.exe
C:\windows\system32\drivers\down\58844937.exe
C:\windows\system32\drivers\down\58850468.exe
C:\windows\system32\drivers\down\58853859.exe
C:\windows\system32\drivers\down\58863484.exe
C:\windows\system32\drivers\down\58865343.exe
C:\windows\system32\drivers\down\58867734.exe
C:\windows\system32\drivers\down\58900578.exe
C:\windows\system32\drivers\down\58904531.exe
C:\windows\system32\drivers\down\701281.exe
C:\windows\system32\drivers\down\711125.exe
C:\windows\system32\drivers\down\712093.exe
C:\windows\system32\drivers\down\722750.exe
C:\windows\system32\drivers\down\73314687.exe
C:\windows\system32\drivers\down\73315109.exe
C:\windows\system32\drivers\down\73331437.exe
C:\windows\system32\drivers\down\73333171.exe
C:\windows\system32\drivers\down\73341906.exe
C:\windows\system32\drivers\down\73358890.exe
C:\windows\system32\drivers\down\73363125.exe
C:\windows\system32\drivers\down\73364859.exe
C:\windows\system32\drivers\down\73370093.exe
C:\windows\system32\drivers\down\73373531.exe
C:\windows\system32\drivers\down\73378078.exe
C:\windows\system32\drivers\down\73381296.exe
C:\windows\system32\drivers\down\73383125.exe
C:\windows\system32\drivers\down\73383359.exe
C:\windows\system32\drivers\down\73386328.exe
C:\windows\system32\drivers\down\73420906.exe
C:\windows\system32\drivers\down\73424640.exe
C:\windows\system32\drivers\down\737703.exe
C:\windows\system32\drivers\down\87832265.exe
C:\windows\system32\drivers\down\87832578.exe
C:\windows\system32\drivers\down\87836828.exe
C:\windows\system32\drivers\down\87837000.exe
C:\windows\system32\drivers\down\87838437.exe
C:\windows\system32\drivers\down\87842609.exe
C:\windows\system32\drivers\down\87862359.exe
C:\windows\system32\drivers\down\87865781.exe
C:\windows\system32\drivers\down\87867531.exe
C:\windows\system32\drivers\down\87870265.exe
C:\windows\system32\drivers\down\87872296.exe
C:\windows\system32\drivers\down\87876937.exe
C:\windows\system32\drivers\down\87879812.exe
C:\windows\system32\drivers\down\87883500.exe
C:\windows\system32\drivers\down\87883734.exe
C:\windows\system32\drivers\down\87886687.exe
C:\windows\system32\drivers\down\87917765.exe
C:\windows\system32\drivers\down\87921406.exe
C:\windows\system32\drivers\down\893750.exe
C:\windows\system32\drivers\down\894187.exe
C:\windows\system32\drivers\down\895375.exe
C:\windows\system32\drivers\down\896109.exe
C:\windows\system32\drivers\down\897171.exe
C:\windows\system32\drivers\down\899671.exe
C:\windows\system32\drivers\down\901609.exe
C:\windows\system32\drivers\hldrrr.exe
C:\windows\system32\drivers\srosa.sys
C:\windows\system32\mdelk.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-13 19:05 . 2008-03-13 19:05 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-03-13 13:49 . 2008-03-13 13:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-13 13:18 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-13 13:18 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-13 13:18 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-13 13:18 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-13 13:18 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-13 13:18 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-13 13:18 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-13 13:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-13 11:53 . 2008-03-13 12:03 <DIR> d-------- C:\test
2008-03-13 11:50 . 2008-03-13 18:49 <DIR> d-------- C:\SDFix
2008-03-12 11:08 . 2008-03-12 11:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-12 11:08 . 2008-03-12 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-11 18:40 . 2008-03-11 18:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 17:23 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-11 17:22 . 2008-03-11 17:22 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-11 17:22 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\nmrgdnsgghrq.sys
2008-03-11 17:10 . 2008-03-11 18:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-11 17:10 . 2008-03-11 17:10 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-11 17:10 . 2008-03-11 17:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-11 17:10 . 2008-03-11 17:10 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-11 16:06 . 2008-03-11 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-11 16:05 . 2008-03-11 17:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-11 16:05 . 2008-03-11 16:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 16:05 . 2008-03-11 16:05 <DIR> d-------- C:\Documents and Settings\dominic\Application Data\SUPERAntiSpyware.com
2008-03-11 12:59 . 2008-03-13 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-11 11:22 . 2008-03-11 11:23 <DIR> d-------- C:\Program Files\RegSupreme Pro
2008-03-11 00:48 . 2008-03-11 00:48 <DIR> d-------- C:\Program Files\Hot CPU Tester Pro 4 LE
2008-03-11 00:21 . 2008-03-11 00:21 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-03-11 00:20 . 2008-03-11 00:21 <DIR> d-------- C:\Documents and Settings\dominic\Application Data\SystemRequirementsLab
2008-03-10 15:42 . 2008-03-10 17:18 <DIR> d-------- C:\Documents and Settings\dominic\Application Data\OpenOffice.org2
2008-03-10 15:40 . 2008-03-10 15:40 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-05 23:39 . 2008-03-05 23:39 <DIR> d-------- C:\Program Files\Intel Corporation
2008-03-05 21:10 . 2008-03-09 17:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-05 21:10 . 2008-03-09 17:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 20:02 . 2007-03-05 11:51 360,580 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-03-03 20:00 . 2008-03-11 01:05 <DIR> d-------- C:\Program Files\Prime95
2008-03-02 20:04 . 2008-03-02 20:04 <DIR> d-------- C:\Documents and Settings\dominic\Application Data\Nokia Multimedia Player
2008-02-29 19:12 . 2008-02-29 19:12 <DIR> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 17:56 --------- d-----w C:\Program Files\FreeCommander
2008-03-13 12:42 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-13 12:10 --------- d-----w C:\Documents and Settings\dominic\Application Data\Free Download Manager
2008-03-11 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-11 16:46 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2008-03-11 16:45 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-03-11 16:42 --------- d-----w C:\Program Files\Free Download Manager
2008-03-11 15:49 --------- d-----w C:\Documents and Settings\dominic\Application Data\Lavasoft
2008-03-11 09:36 --------- d-----w C:\Program Files\eMule
2008-03-10 21:44 --------- d-----w C:\Documents and Settings\dominic\Application Data\Skype
2008-03-10 21:39 --------- d-----w C:\Documents and Settings\dominic\Application Data\skypePM
2008-03-10 17:04 --------- d-----w C:\Documents and Settings\dominic\Application Data\Azureus
2008-03-10 14:14 --------- d-----w C:\Program Files\Java
2008-03-07 23:16 --------- d-----w C:\Program Files\Azureus
2008-03-05 22:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 18:27 --------- d-----w C:\Documents and Settings\dominic\Application Data\PC Suite
2008-02-08 20:06 --------- d-----w C:\Program Files\djDecks
2008-02-02 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-01 18:16 --------- d-----w C:\Documents and Settings\dominic\Application Data\vlc
2008-02-01 15:26 --------- d-----w C:\Program Files\Common Files\Java
2008-01-25 20:35 --------- d-----w C:\Documents and Settings\dominic\Application Data\Mp3tag
2008-01-25 19:50 --------- d-----w C:\Program Files\MP3Gain
2008-01-22 23:33 --------- d-----w C:\Program Files\Skype
2008-01-21 22:19 --------- d-----w C:\Program Files\Crimson Editor
2008-01-21 19:54 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-21 19:50 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-21 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-21 19:38 --------- d-----w C:\Program Files\Serato
2008-01-21 19:18 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-21 19:18 --------- d-----w C:\Program Files\Ahead
2008-01-21 19:05 --------- d-----w C:\Documents and Settings\dominic\Application Data\Nokia
2008-01-21 18:51 --------- d-----w C:\Program Files\DIFX
2008-01-21 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-21 18:50 --------- d-----w C:\Program Files\Nokia
2008-01-21 18:50 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-01-21 18:50 --------- d-----w C:\Program Files\Common Files\Nokia
2008-01-21 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-21 18:16 --------- d-----w C:\Program Files\Mp3tag
2008-01-21 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-06 21:56 577,336 ----a-w C:\windows\qfe27.tmp
2008-01-06 21:55 525,624 ----a-w C:\windows\qfe11.tmp
2008-01-06 21:54 623,344 ----a-w C:\windows\qfe8.tmp
2008-01-06 21:46 2,532,664 ----a-w C:\windows\qfe5.tmp
2008-01-06 21:36 512,752 ----a-w C:\windows\qfeA.tmp
2008-01-06 21:35 720,088 ----a-w C:\windows\qfe4.tmp
2008-01-06 19:14 720,088 ----a-w C:\windows\qfe7.tmp
.

((((((((((((((((((((((((((((( snapshot@2008-03-11_12.12.49.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-10-14 09:34:54 654,848 ----a-w C:\windows\$hf_mig$\KB873339\update\update.exe
+ 2008-03-12 13:07:48 654,848 ----a-w C:\windows\$hf_mig$\KB873339\update\update.exe
- 2004-10-14 10:34:54 654,848 ----a-w C:\windows\$hf_mig$\KB885835\update\update.exe
+ 2008-03-12 13:07:50 654,848 ----a-w C:\windows\$hf_mig$\KB885835\update\update.exe
- 2004-10-14 10:34:54 654,848 ----a-w C:\windows\$hf_mig$\KB885836\update\update.exe
+ 2008-03-12 13:07:51 654,848 ----a-w C:\windows\$hf_mig$\KB885836\update\update.exe
- 2004-10-14 18:34:52 654,848 ----a-w C:\windows\$hf_mig$\KB886185\update\update.exe
+ 2008-03-12 13:07:53 654,848 ----a-w C:\windows\$hf_mig$\KB886185\update\update.exe
- 2004-10-14 10:34:54 654,848 ----a-w C:\windows\$hf_mig$\KB887472\update\update.exe
+ 2008-03-12 13:07:55 654,848 ----a-w C:\windows\$hf_mig$\KB887472\update\update.exe
- 2004-11-30 13:46:40 654,848 ----a-w C:\windows\$hf_mig$\KB888302\update\update.exe
+ 2008-03-12 13:07:56 654,848 ----a-w C:\windows\$hf_mig$\KB888302\update\update.exe
- 2005-02-24 18:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB890859\update\update.exe
+ 2008-03-12 13:08:04 718,048 ----a-w C:\windows\$hf_mig$\KB890859\update\update.exe
- 2004-11-30 13:46:40 654,848 ----a-w C:\windows\$hf_mig$\KB891781\update\update.exe
+ 2008-03-12 13:08:06 654,848 ----a-w C:\windows\$hf_mig$\KB891781\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB893756\update\update.exe
+ 2008-03-12 13:08:09 718,048 ----a-w C:\windows\$hf_mig$\KB893756\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB894391\update\update.exe
+ 2008-03-12 13:08:12 718,048 ----a-w C:\windows\$hf_mig$\KB894391\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB896358\update\update.exe
+ 2008-03-12 13:08:15 718,048 ----a-w C:\windows\$hf_mig$\KB896358\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB896423\update\update.exe
+ 2008-03-12 13:08:17 718,048 ----a-w C:\windows\$hf_mig$\KB896423\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB896428\update\update.exe
+ 2008-03-12 13:08:19 718,048 ----a-w C:\windows\$hf_mig$\KB896428\update\update.exe
- 2005-02-25 03:35:05 718,048 ----a-w C:\windows\$hf_mig$\KB898461\update\update.exe
+ 2008-03-12 13:08:22 718,048 ----a-w C:\windows\$hf_mig$\KB898461\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB899587\update\update.exe
+ 2008-03-12 13:08:24 718,048 ----a-w C:\windows\$hf_mig$\KB899587\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB899591\update\update.exe
+ 2008-03-12 13:08:26 718,048 ----a-w C:\windows\$hf_mig$\KB899591\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB900485\update\update.exe
+ 2008-03-12 13:08:29 716,000 ----a-w C:\windows\$hf_mig$\KB900485\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB900725\update\update.exe
+ 2008-03-12 13:08:39 718,048 ----a-w C:\windows\$hf_mig$\KB900725\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB901017\update\update.exe
+ 2008-03-12 13:08:42 718,048 ----a-w C:\windows\$hf_mig$\KB901017\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB901214\update\update.exe
+ 2008-03-12 13:08:45 718,048 ----a-w C:\windows\$hf_mig$\KB901214\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB902400\update\update.exe
+ 2008-03-12 13:08:50 718,048 ----a-w C:\windows\$hf_mig$\KB902400\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB904942\update\update.exe
+ 2008-03-12 13:08:53 716,000 ----a-w C:\windows\$hf_mig$\KB904942\update\update.exe
- 2005-02-25 03:35:05 718,048 ----a-w C:\windows\$hf_mig$\KB905414\update\update.exe
+ 2008-03-12 13:08:55 718,048 ----a-w C:\windows\$hf_mig$\KB905414\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\$hf_mig$\KB905749\update\update.exe
+ 2008-03-12 13:08:58 718,048 ----a-w C:\windows\$hf_mig$\KB905749\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB908519\update\update.exe
+ 2008-03-12 13:09:00 716,000 ----a-w C:\windows\$hf_mig$\KB908519\update\update.exe
- 2005-10-12 23:12:28 716,000 ----a-w C:\windows\$hf_mig$\KB910437\update\update.exe
+ 2008-03-12 13:09:03 716,000 ----a-w C:\windows\$hf_mig$\KB910437\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB911280\update\update.exe
+ 2008-03-12 13:09:06 716,000 ----a-w C:\windows\$hf_mig$\KB911280\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB911562\update\update.exe
+ 2008-03-12 13:09:08 716,000 ----a-w C:\windows\$hf_mig$\KB911562\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB911927\update\update.exe
+ 2008-03-12 13:09:11 716,000 ----a-w C:\windows\$hf_mig$\KB911927\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB913580\update\update.exe
+ 2008-03-12 13:09:14 716,000 ----a-w C:\windows\$hf_mig$\KB913580\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB914388\update\update.exe
+ 2008-03-12 13:09:17 716,000 ----a-w C:\windows\$hf_mig$\KB914388\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB914389\update\update.exe
+ 2008-03-12 13:09:20 716,000 ----a-w C:\windows\$hf_mig$\KB914389\update\update.exe
- 2005-10-12 23:12:28 716,000 ----a-w C:\windows\$hf_mig$\KB915865\update\update.exe
+ 2008-03-12 13:09:22 716,000 ----a-w C:\windows\$hf_mig$\KB915865\update\update.exe
- 2005-10-12 23:16:51 716,000 ----a-w C:\windows\$hf_mig$\KB916595\update\update.exe
+ 2008-03-12 13:09:25 716,000 ----a-w C:\windows\$hf_mig$\KB916595\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB917953\update\update.exe
+ 2008-03-12 13:09:28 716,000 ----a-w C:\windows\$hf_mig$\KB917953\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB918118\update\update.exe
+ 2008-03-12 13:09:31 716,000 ----a-w C:\windows\$hf_mig$\KB918118\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB918439\update\update.exe
+ 2008-03-12 13:09:33 716,000 ----a-w C:\windows\$hf_mig$\KB918439\update\update.exe
- 2005-10-12 23:12:28 716,000 ----a-w C:\windows\$hf_mig$\KB919007\update\update.exe
+ 2008-03-12 13:09:36 716,000 ----a-w C:\windows\$hf_mig$\KB919007\update\update.exe
- 2005-10-12 23:16:51 716,000 ----a-w C:\windows\$hf_mig$\KB920213\update\update.exe
+ 2008-03-12 13:09:39 716,000 ----a-w C:\windows\$hf_mig$\KB920213\update\update.exe
- 2005-10-12 23:16:51 716,000 ----a-w C:\windows\$hf_mig$\KB920670\update\update.exe
+ 2008-03-12 13:09:42 716,000 ----a-w C:\windows\$hf_mig$\KB920670\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB920683\update\update.exe
+ 2008-03-12 13:09:44 716,000 ----a-w C:\windows\$hf_mig$\KB920683\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB920685\update\update.exe
+ 2008-03-12 13:09:48 716,000 ----a-w C:\windows\$hf_mig$\KB920685\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB920872\update\update.exe
+ 2008-03-12 13:09:50 716,000 ----a-w C:\windows\$hf_mig$\KB920872\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB921503\update\update.exe
+ 2008-03-12 13:09:53 716,000 ----a-w C:\windows\$hf_mig$\KB921503\update\update.exe
- 2005-10-12 23:12:28 716,000 ----a-w C:\windows\$hf_mig$\KB922582\update\update.exe
+ 2008-03-12 13:09:56 716,000 ----a-w C:\windows\$hf_mig$\KB922582\update\update.exe
- 2005-10-12 23:16:51 716,000 ----a-w C:\windows\$hf_mig$\KB922819\update\update.exe
+ 2008-03-12 13:09:59 716,000 ----a-w C:\windows\$hf_mig$\KB922819\update\update.exe
- 2005-10-12 23:16:51 716,000 ----a-w C:\windows\$hf_mig$\KB923414\update\update.exe
+ 2008-03-12 13:10:01 716,000 ----a-w C:\windows\$hf_mig$\KB923414\update\update.exe
- 2005-10-12 23:16:51 716,000 ----a-w C:\windows\$hf_mig$\KB923980\update\update.exe
+ 2008-03-12 13:10:05 716,000 ----a-w C:\windows\$hf_mig$\KB923980\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB924496\update\update.exe
+ 2008-03-12 13:10:08 716,000 ----a-w C:\windows\$hf_mig$\KB924496\update\update.exe
- 2006-01-19 19:29:19 716,000 ----a-w C:\windows\$hf_mig$\KB925902\update\update.exe
+ 2008-03-12 13:10:12 716,000 ----a-w C:\windows\$hf_mig$\KB925902\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB926255\update\update.exe
+ 2008-03-12 13:10:15 716,000 ----a-w C:\windows\$hf_mig$\KB926255\update\update.exe
- 2005-10-12 23:16:51 716,000 ----a-w C:\windows\$hf_mig$\KB926436\update\update.exe
+ 2008-03-12 13:10:17 716,000 ----a-w C:\windows\$hf_mig$\KB926436\update\update.exe
- 2006-01-19 19:29:19 716,000 ----a-w C:\windows\$hf_mig$\KB927779\update\update.exe
+ 2008-03-12 13:10:20 716,000 ----a-w C:\windows\$hf_mig$\KB927779\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB927802\update\update.exe
+ 2008-03-12 13:10:23 716,000 ----a-w C:\windows\$hf_mig$\KB927802\update\update.exe
- 2006-01-19 19:29:19 716,000 ----a-w C:\windows\$hf_mig$\KB927891\update\update.exe
+ 2008-03-12 13:10:26 716,000 ----a-w C:\windows\$hf_mig$\KB927891\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB928843\update\update.exe
+ 2008-03-12 13:10:29 716,000 ----a-w C:\windows\$hf_mig$\KB928843\update\update.exe
- 2006-01-19 19:29:19 716,000 ----a-w C:\windows\$hf_mig$\KB929123\update\update.exe
+ 2008-03-12 13:10:33 716,000 ----a-w C:\windows\$hf_mig$\KB929123\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB930178\update\update.exe
+ 2008-03-12 13:10:36 716,000 ----a-w C:\windows\$hf_mig$\KB930178\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB930916\update\update.exe
+ 2008-03-12 13:10:38 716,000 ----a-w C:\windows\$hf_mig$\KB930916\update\update.exe
- 2006-01-19 19:29:19 716,000 ----a-w C:\windows\$hf_mig$\KB931261\update\update.exe
+ 2008-03-12 13:10:41 716,000 ----a-w C:\windows\$hf_mig$\KB931261\update\update.exe
- 2006-01-19 19:29:19 716,000 ----a-w C:\windows\$hf_mig$\KB932168\update\update.exe
+ 2008-03-12 13:10:44 716,000 ----a-w C:\windows\$hf_mig$\KB932168\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB935839\update\update.exe
+ 2008-03-12 13:10:48 716,000 ----a-w C:\windows\$hf_mig$\KB935839\update\update.exe
- 2006-01-19 19:29:19 716,000 ----a-w C:\windows\$hf_mig$\KB935840\update\update.exe
+ 2008-03-12 13:10:50 716,000 ----a-w C:\windows\$hf_mig$\KB935840\update\update.exe
- 2005-10-12 23:12:28 716,000 ----a-w C:\windows\$hf_mig$\KB936021\update\update.exe
+ 2008-03-12 13:10:53 716,000 ----a-w C:\windows\$hf_mig$\KB936021\update\update.exe
- 2006-01-19 19:29:19 716,000 ----a-w C:\windows\$hf_mig$\KB936357\update\update.exe
+ 2008-03-12 13:10:55 716,000 ----a-w C:\windows\$hf_mig$\KB936357\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB937894\update\update.exe
+ 2008-03-12 13:11:00 716,000 ----a-w C:\windows\$hf_mig$\KB937894\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\$hf_mig$\KB938127-IE7\update\update.exe
+ 2008-03-12 13:11:05 716,000 ----a-w C:\windows\$hf_mig$\KB938127-IE7\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB938127\update\update.exe
+ 2008-03-12 13:11:02 716,000 ----a-w C:\windows\$hf_mig$\KB938127\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\$hf_mig$\KB938828\update\update.exe
+ 2008-03-12 13:11:08 716,000 ----a-w C:\windows\$hf_mig$\KB938828\update\update.exe
- 2006-01-19 19:29:19 716,000 ----a-w C:\windows\$hf_mig$\KB938829\update\update.exe
+ 2008-03-12 13:11:11 716,000 ----a-w C:\windows\$hf_mig$\KB938829\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\$hf_mig$\KB941202\update\update.exe
+ 2008-03-12 13:11:14 716,000 ----a-w C:\windows\$hf_mig$\KB941202\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\$hf_mig$\KB941568\update\update.exe
+ 2008-03-12 13:11:16 716,000 ----a-w C:\windows\$hf_mig$\KB941568\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\$hf_mig$\KB941644\update\update.exe
+ 2008-03-12 13:11:19 716,000 ----a-w C:\windows\$hf_mig$\KB941644\update\update.exe
- 2007-03-06 01:22:56 716,000 ----a-w C:\windows\$hf_mig$\KB942615-IE7\update\update.exe
+ 2008-03-12 13:11:35 716,000 ----a-w C:\windows\$hf_mig$\KB942615-IE7\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\$hf_mig$\KB942763\update\update.exe
+ 2008-03-12 13:11:38 716,000 ----a-w C:\windows\$hf_mig$\KB942763\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\$hf_mig$\KB943055\update\update.exe
+ 2008-03-12 13:11:41 716,000 ----a-w C:\windows\$hf_mig$\KB943055\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\$hf_mig$\KB944533-IE7\update\update.exe
+ 2008-03-12 13:11:57 716,000 ----a-w C:\windows\$hf_mig$\KB944533-IE7\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\$hf_mig$\KB944653\update\update.exe
+ 2008-03-12 13:12:00 716,000 ----a-w C:\windows\$hf_mig$\KB944653\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\$hf_mig$\KB946026\update\update.exe
+ 2008-03-12 13:12:03 716,000 ----a-w C:\windows\$hf_mig$\KB946026\update\update.exe
+ 2008-03-12 01:35:36 163,328 ----a-w C:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-13 17:41:55 3,465,216 ----a-w C:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-03-13 17:41:55 200,704 ----a-w C:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-12 01:35:36 163,328 ----a-w C:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-13 12:49:49 3,465,216 ----a-w C:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-03-13 12:49:49 200,704 ----a-w C:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-03-11 15:05:58 29,696 ----a-r C:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-03-11 15:05:58 18,944 ----a-r C:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-11 15:05:58 65,024 ----a-r C:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2005-10-12 23:12:28 716,000 ----a-w C:\windows\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\update\update.exe
- 2005-10-12 23:12:29 716,000 ----a-w C:\windows\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\SoftwareDistribution\Download\4ef3d14045039d25ac205cb37a6ae575\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\SoftwareDistribution\Download\561854573350299cf5c23eea1e0cff28\update\update.exe
- 2005-02-24 19:35:06 718,048 ----a-w C:\windows\SoftwareDistribution\Download\80046d42bf5044b609b7f7326dd9674d\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\update\update.exe
- 2007-03-06 01:22:59 716,000 ----a-w C:\windows\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\update\update.exe
- 2007-03-06 01:22:56 716,000 ----a-w C:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\update\update.exe
+ 2007-03-29 08:20:50 110,592 ----a-w C:\windows\system32\ActiveScan\as.dll
+ 2006-10-05 15:15:26 233,472 ----a-w C:\windows\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 13:03:18 96,256 ----a-w C:\windows\system32\ActiveScan\asmdat.dll
+ 2003-08-01 10:00:16 36,864 ----a-w C:\windows\system32\ActiveScan\certdll.dll
+ 2005-05-20 12:42:44 86,016 ----a-w C:\windows\system32\ActiveScan\instlsp.dll
+ 2007-11-12 08:46:18 26,112 ----a-w C:\windows\system32\ActiveScan\JID.dll
+ 2006-02-16 17:20:20 4,608 ----a-w C:\windows\system32\ActiveScan\memvfile.dll
+ 2005-10-25 17:08:32 348,160 ----a-w C:\windows\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 10:10:36 61,440 ----a-w C:\windows\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 14:01:02 139,264 ----a-w C:\windows\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 12:04:10 45,056 ----a-w C:\windows\system32\ActiveScan\pavdr.exe
+ 2006-04-10 09:50:02 159,832 ----a-w C:\windows\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 12:05:38 94,208 ----a-w C:\windows\system32\ActiveScan\pavinas.dll
+ 2006-02-16 17:35:38 180,224 ----a-w C:\windows\system32\ActiveScan\pavoe.dll
+ 2006-10-05 15:15:38 122,880 ----a-w C:\windows\system32\ActiveScan\pavpz.dll
+ 2007-06-04 10:31:52 57,344 ----a-w C:\windows\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 13:13:38 8,704 ----a-w C:\windows\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 13:08:42 49,152 ----a-w C:\windows\system32\ActiveScan\port32.dll
+ 2007-10-30 09:04:14 36,864 ----a-w C:\windows\system32\ActiveScan\Prescan.dll
+ 2006-08-01 12:23:10 69,632 ----a-w C:\windows\system32\ActiveScan\pscpu.dll
+ 2007-11-21 09:00:06 376,832 ----a-w C:\windows\system32\ActiveScan\pskahk.dll
+ 2007-10-31 12:05:06 32,768 ----a-w C:\windows\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 10:38:14 10,752 ----a-w C:\windows\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 10:49:54 61,440 ----a-w C:\windows\system32\ActiveScan\pskas.dll
+ 2007-03-26 13:25:34 417,792 ----a-w C:\windows\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 09:42:24 90,112 ----a-w C:\windows\system32\ActiveScan\pskfss.dll
+ 2006-07-19 09:55:58 208,896 ----a-w C:\windows\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 15:57:00 9,728 ----a-w C:\windows\system32\ActiveScan\pskmas.dll
+ 2006-05-17 08:50:12 14,336 ----a-w C:\windows\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 09:58:12 33,280 ----a-w C:\windows\system32\ActiveScan\pskpack.dll
+ 2006-06-30 13:42:36 266,240 ----a-w C:\windows\system32\ActiveScan\pskscs.dll
+ 2006-08-17 13:33:14 62,976 ----a-w C:\windows\system32\ActiveScan\pskutil.dll
+ 2006-08-08 12:13:10 13,312 ----a-w C:\windows\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 07:53:08 69,632 ----a-w C:\windows\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 07:49:50 167,936 ----a-w C:\windows\system32\ActiveScan\pskvm.dll
+ 2007-10-18 08:30:16 105,472 ----a-w C:\windows\system32\ActiveScan\psnahk.dll
+ 2007-11-23 13:29:08 10,752 ----a-w C:\windows\system32\ActiveScan\psndsk.dll
+ 2007-10-18 08:30:38 42,496 ----a-w C:\windows\system32\ActiveScan\psnflg.dll
+ 2007-10-30 10:19:22 98,304 ----a-w C:\windows\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 07:52:00 20,272 ----a-w C:\windows\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 14:49:34 11,776 ----a-w C:\windows\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 07:52:04 76,080 ----a-w C:\windows\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 07:52:06 21,296 ----a-w C:\windows\system32\ActiveScan\psnmem.dll
+ 2007-10-04 14:26:28 28,672 ----a-w C:\windows\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 10:40:10 86,016 ----a-w C:\windows\system32\ActiveScan\psntuc.dll
+ 2007-05-24 10:27:36 27,136 ----a-w C:\windows\system32\ActiveScan\PSNXprs.dll
+ 2007-04-18 16:16:04 353,840 ----a-w C:\windows\system32\ActiveScan\psscan.dll
+ 2007-01-22 13:42:48 35,328 ----a-w C:\windows\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 08:44:36 8,576 ----a-w C:\windows\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 09:56:40 44,928 ----a-w C:\windows\system32\ActiveScan\sdthook.sys
+ 1997-09-18 05:12:32 9,488 ----a-w C:\windows\system32\ActiveScan\sporder.dll
+ 2006-02-28 16:23:40 69,632 ----a-w C:\windows\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 08:14:08 126,976 ----a-w C:\windows\system32\ActiveScan\Tucan.dll
+ 2006-08-02 11:39:06 73,728 ----a-w C:\windows\system32\asuninst.exe
+ 2008-03-12 18:27:00 262,144 ----a-w C:\windows\system32\config\systemprofile\NtUser.dat
- 2001-08-22 21:00:00 14,848 -c--a-w C:\windows\system32\dllcache\register.exe
+ 2008-03-12 13:44:15 14,848 -c--a-w C:\windows\system32\dllcache\register.exe
- 2001-08-22 21:00:00 68,096 -c--a-w C:\windows\system32\dllcache\sysinfo.exe
+ 2008-03-12 13:46:34 68,096 -c--a-w C:\windows\system32\dllcache\sysinfo.exe
+ 2005-05-24 11:27:16 213,048 ----a-w C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-10-21 20:40:14 94,208 ----a-w C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-10-21 20:40:16 950,272 ----a-w C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-03-11 10:23:52 58,930 ----a-w C:\windows\system32\perfc009.dat
+ 2008-03-13 17:50:59 58,930 ----a-w C:\windows\system32\perfc

#18
dominic951

+ 2008-03-13 17:50:59 58,930 ----a-w C:\windows\system32\perfc009.dat
- 2008-03-11 10:23:52 392,630 ----a-w C:\windows\system32\perfh009.dat
+ 2008-03-13 17:50:59 392,630 ----a-w C:\windows\system32\perfh009.dat
- 2007-11-14 15:05:06 144,936 ----a-w C:\windows\system32\ZoneLabs\updclient.exe
+ 2008-03-12 14:00:06 144,936 ----a-w C:\windows\system32\ZoneLabs\updclient.exe
- 2008-03-11 10:19:43 75,304 ----a-w C:\windows\system32\ZoneLabs\vsmon.exe
+ 2008-03-13 17:46:54 75,304 ----a-w C:\windows\system32\ZoneLabs\vsmon.exe
+ 2003-03-25 17:53:50 11,776 ----a-w C:\windows\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2005-09-16 06:01 647168]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-28 08:06 8491008]
"nwiz"="nwiz.exe" [2007-09-28 08:06 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-28 08:06 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-09-16 06:01 647168]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 18:30 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 18:30 512000]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 14:49 66176]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 15:32 48904]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 01:19 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 01:19 208896]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06 2595616]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11 909208]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 20:07 140568]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 18:57 919016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-13 18:57 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-08-14 15:54 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 16:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 11:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-07 16:55 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 15:20 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\windows\system32\DRIVERS\tdrpman.sys [2008-01-07 20:32]
R1 ANC;ANC;C:\windows\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\windows\system32\drivers\Tppwrif.sys [2007-09-21 01:19]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 15:46]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 20:51]
R3 TcUsb;TC USB Kernel Driver;C:\windows\system32\Drivers\tcusb.sys [2007-08-14 15:25]
R3 WSIMD;wsimd Service;C:\windows\system32\DRIVERS\wsimd.sys [2007-07-03 18:46]
S3 SeratoUsb;SeratoUsb driver;C:\windows\system32\Drivers\SeratoUsb.sys [2006-03-16 17:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c84b69f-bc6e-11dc-8858-db7fe6241783}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3735250e-e259-11dc-82b5-0013e88c70d7}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-13 18:05:34 C:\windows\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 19:05:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\windows\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\oodag.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
.
**************************************************************************
.
Completion time: 2008-03-13 19:06:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-13 18:06:54
ComboFix2.txt 2008-03-11 11:32:28
ComboFix3.txt 2008-03-11 11:13:07
.
2008-03-07 18:03:12 --- E O F ---

#19
dominic951

Hi again

I have been very impatient and managed to get Avast doing a boot-time-scan by starting Avast in Safe Mode. It's quickly found the "beagle.xy" virus/trojan in memory and asked for a boot-time-scan.

But my system still is not clean. It behaves the same as before.

Avast Boot-Time-Scan
03/14/2008 11:03
Scan of all local drives
File C:\Documents and Settings\dominic\Local Settings\Temporary Internet Files\Content.IE5\I3NNEAHP\b64_2[1].jpg is infected by Win32:Beagle-YN [Wrm], Moved to chest
File C:\Program Files\Alwil Software\Avast4\DATA\moved\smax4pnp.exe.vir is infected by Win32:Beagle-ABL [Trj], Moved to chest
File C:\Program Files\Alwil Software\Avast4\DATA\moved\superantispyware.exe.vir is infected by Win32:Beagle-ABL [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001515.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001527.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001534.exe is infected by Win32:Beagle-ABA [Wrm], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001535.exe is infected by Win32:Beagle-ABA [Wrm], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001557.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001647.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001735.exe is infected by Win32:Beagle-ABA [Wrm], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001736.exe is infected by Win32:Beagle-ABA [Wrm], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001745.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001763.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP4\A0001892.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0001949.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0001957.exe is infected by Win32:Beagle-ABL [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0002070.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0002086.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0002109.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0002241.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0002276.exe is infected by Win32:Beagle-ABA [Wrm], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0002368.exe is infected by Win32:Agent-SDO [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0002386.exe is infected by Win32:Agent-SDO [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0002388.exe is infected by Win32:Beagle-ABA [Wrm], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0002418.exe is infected by Win32:Beagle-ABL [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0002427.exe is infected by Win32:Beagle-ABL [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0003421.exe is infected by Win32:Beagle-ABL [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0004445.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0004500.sys is infected by Win32:Beagle-AAW [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0004531.exe is infected by Win32:Beagle-ABL [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0004533.exe is infected by Win32:Beagle-ABL [Trj], Moved to chest
File C:\System Volume Information\_restore{DECB6E91-472D-4F73-A2E8-5B68CF7E585F}\RP5\A0004534.exe is infected by Win32:Beagle-ABL [Trj], Moved to chest

Number of searched folders: 6139
Number of tested files: 49579
Number of infected files: 32

#20
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi dominic951,

Can you repeat the process of running SDFix in Normal mode to run that Sophos scan?

Double click RunThis.bat to start the script again.
  • Type 3 to Download/Run SAV32CLI from Sophos.
  • Follow the on screen prompts and extract the Sophos files to C:\SAV32CLI
  • When the main scanning screen is displayed type 6 to run a Full scan
  • SAV32CLI will start and scan the system for infected files
  • Please be patient as this scan may take some time
  • When the scan has finished post back the SophosReport.txt from the SDFix folder


Cheers,

sage5

#21
dominic951

Hi sage5

I cannot run SAV32CLI.EXE because "not a valid win32 application". The download works etc.


#dominic

#22
sage5

Let's see if we can get the following to run:

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of OTScanIt.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with OTScanIt or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, rather attach it to it).

Cheers,

sage5

#23
dominic951

Hi Sage5

Did you mean OTScanIt folder and OTScanIt.exe instead of "3. Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program." ?

I've run the scan with OTScanIt.exe, but it did not take very long. Just a few seconds actually.
Here's the scan attached: OTScanIt.Txt (82.71KB)

In the meantime I've selected "All" for each category of "Basic Scans" in OTScanIt.exe. Should I post that logfile too?

Edit: The logfile for the "full" scan is 1599kb so I could not post it :)


cheers
dominic

Edited by dominic951, 15 March 2008 - 05:43 AM.


#24
sage5

Hi dominic951,

There is nothing obvious showing up as running in that log, just a few suspect files.

We will try to get rid of them.

Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\System32\fdsv.exe
    C:\Windows\System32\grep.exe
    C:\Windows\System32\sed.exe 
    C:\Windows\System32\VFind.exe
    C:\windows\10.tmp
    C:\windows\1.tmp files
    C:\Windows\bootstat.dat
    C:\Windows\imsins.BAK
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)

Next we will try something from left field.
Go to Start > Control Panel > Add/Remove Programs & uninstall your Avast antivirus.
Next download AntiVir Personal Classic from Here
Run the installer, let it run an update and do a full system scan.
When finished you should be able to go to the Reports tab and copy the report to me as your next reply.

Cheers,

sage5

Edited by sage5, 15 March 2008 - 06:21 AM.


#25
dominic951

ok. I removed the files you mentioned and have been able to run the scan after installing AntiVir.

OTMoveit:
--- After the reboot, all files seem to be removed ---

C:\Windows\System32\fdsv.exe moved successfully.
C:\Windows\System32\grep.exe moved successfully.
C:\Windows\System32\sed.exe moved successfully.
C:\Windows\System32\VFind.exe moved successfully.
File/Folder C:\windows\10.tmp not found.
File/Folder C:\windows\1.tmp files not found.
C:\Windows\bootstat.dat moved successfully.
C:\Windows\imsins.BAK moved successfully.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat moved successfully.

OTMoveIt2 v1.0.21 log created on 03152008_212557


AntiVir Report: (I hope you understand German :) )


AntiVir PersonalEdition Classic
Erstellungsdatum der Reportdatei: Samstag, 15. März 2008 21:41

Es wird nach 1147670 Virenstämmen gesucht.

Lizenznehmer: Avira AntiVir PersonalEdition Classic
Seriennummer: 0000149996-ADJIE-0001
Plattform: Windows XP
Windowsversion: (Service Pack 2) [5.1.2600]
Benutzername: dominic
Computername: LENOVO

Versionsinformationen:
BUILD.DAT : 270 15603 Bytes 19.09.2007 13:29:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23.08.2007 13:16:24
AVSCAN.DLL : 7.0.6.0 57384 Bytes 14.08.2007 15:48:28
LUKE.DLL : 7.0.5.3 147496 Bytes 14.08.2007 15:32:43
LUKERES.DLL : 7.0.6.0 10792 Bytes 14.08.2007 15:49:04
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.03.2008 20:39:49
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07.03.2008 20:39:49
ANTIVIR3.VDF : 7.0.3.31 158208 Bytes 14.03.2008 20:39:49
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 15.03.2008 20:39:49
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.02.2007 10:36:23
AVPREF.DLL : 7.0.2.2 25640 Bytes 18.07.2007 07:16:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15.03.2008 20:39:49
AVREG.DLL : 7.0.1.6 30760 Bytes 18.07.2007 07:17:02
AVARKT.DLL : 1.0.0.20 278568 Bytes 28.08.2007 12:26:28
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18.07.2007 07:10:14
NETNT.DLL : 7.0.0.0 7720 Bytes 08.03.2007 11:09:03
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07.08.2007 12:37:51
RCTEXT.DLL : 7.0.62.0 90152 Bytes 21.08.2007 12:50:28
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23.07.2007 09:37:21

Konfiguration für den aktuellen Suchlauf:
Job Name.........................: Lokale Festplatten
Konfigurationsdatei..............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Protokollierung..................: niedrig
Primäre Aktion...................: quarantäne
Sekundäre Aktion.................: ignorieren
Durchsuche Masterbootsektoren....: ein
Durchsuche Bootsektoren..........: ein
Bootsektoren.....................: E:,
Durchsuche Speicher..............: ein
Durchsuche aktive Programme......: ein
Durchsuche Registrierung.........: ein
Suche nach Rootkits..............: ein
Datei Suchmodus..................: Alle Dateien
Durchsuche Archive...............: ein
Rekursionstiefe einschränken.....: 20
Archiv Smart Extensions..........: ein
Makrovirenheuristik..............: ein
Dateiheuristik...................: mittel

Beginn des Suchlaufs: Samstag, 15. März 2008 21:41

Der Suchlauf nach versteckten Objekten wird begonnen.
Es wurden '34006' Objekte überprüft, '0' versteckte Objekte wurden gefunden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclBCBTSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclRSSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclUSBSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageTryStartService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodag.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvsvc32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'acs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedul2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpScrex.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCSuite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedhlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TimounterMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACWLIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPOSDSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '55' Prozesse mit '55' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[HINWEIS] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[HINWEIS] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[HINWEIS] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen.
Die Registry wurde durchsucht ( '49' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <WinXP>
C:\hiberfil.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Documents and Settings\dominic\Desktop\New Folder\OTScanIt.exe
[0] Archivtyp: ZIP SFX (self extracting)
--> OTScanIt/OTScanIt.exe
[FUND] Ist das Trojanische Pferd TR/Delphi.Downloader.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '482f3560.qua' verschoben!
C:\Documents and Settings\dominic\Desktop\New Folder\testtesttest.exe
[0] Archivtyp: ZIP SFX (self extracting)
--> OTScanIt/OTScanIt.exe
[FUND] Ist das Trojanische Pferd TR/Delphi.Downloader.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '484f3572.qua' verschoben!
C:\Documents and Settings\dominic\Desktop\OTScanIt\OTScanIt.exe
[FUND] Ist das Trojanische Pferd TR/Delphi.Downloader.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '482f3562.qua' verschoben!
C:\Documents and Settings\dominic\Local Settings\Temp\bohtbefj.dll
[FUND] Ist das Trojanische Pferd TR/Inject.MF
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48443580.qua' verschoben!
C:\QooBox\Quarantine\catchme2008-03-11_121116.04.zip
[0] Archivtyp: ZIP
--> hldrrr.exe
[FUND] Ist das Trojanische Pferd TR/Dldr.Bagle.LB
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48503b62.qua' verschoben!
C:\QooBox\Quarantine\catchme2008-03-13_190531.06.zip
[0] Archivtyp: ZIP
--> srosa.sys
[FUND] Ist das Trojanische Pferd TR/Rootkit.Gen
--> mdelk.exe
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
--> hldrrr.exe
[FUND] Ist das Trojanische Pferd TR/Dldr.Bagle.LB
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48503b64.qua' verschoben!
C:\QooBox\Quarantine\catchme2008-03-14_141713.78.zip
[0] Archivtyp: ZIP
--> srosa.sys
[FUND] Ist das Trojanische Pferd TR/Rootkit.Gen
--> wintems.exe
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
--> mdelk.exe
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48503b65.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48413b68.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '484a3b6d.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
[FUND] Ist das Trojanische Pferd TR/Dldr.Bagle.CX
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48403b70.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\1354343.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48113b38.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\173953.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480f3b3d.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\174578.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48103b3e.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\178421.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48143b3e.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\178578.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48143b3f.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\180281.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480c3b40.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\181546.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480d3b41.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\181578.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '498e1aa2.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\183531.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480f3b41.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\185546.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48113b42.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\188453.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48143b43.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\191359.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480d3b44.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\326796.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48123b3f.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\329859.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48153b3f.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\712093.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480e3b3f.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\73315109.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480f3b42.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87832578.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48143b47.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87837000.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49971aa8.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\894187.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48103b4a.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\896109.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48123b4b.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\899671.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48153b4b.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\903359.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '498c1aa3.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\907953.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48133b43.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\937265.exe.vir
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Bagle.Gen
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48133b46.qua' verschoben!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\940500.exe.vir
[FUND] Ist das Trojanische Pferd TR/Bagle.Gen.B
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480c3b48.qua' verschoben!
Beginne mit der Suche in 'E:\' <DATA>
E:\p2p.emule\incoming\Hot CPU Tester Pro 4.4.1 With Crack.zip
[0] Archivtyp: ZIP
--> Hot CPU Tester Pro 4.4.1 With Crack.exe
[FUND] Ist das Trojanische Pferd TR/Dldr.Bagle.LB
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4850415c.qua' verschoben!


Ende des Suchlaufs: Samstag, 15. März 2008 22:42
Benötigte Zeit: 1:00:15 min

Der Suchlauf wurde vollständig durchgeführt.

6155 Verzeichnisse wurden überprüft
572607 Dateien wurden geprüft
40 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
36 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
2 Dateien konnten nicht durchsucht werden
572567 Dateien ohne Befall
4990 Archive wurden durchsucht
2 Warnungen
39 Hinweise
34006 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden



It looks like 4 files could not be moved into quarantine...


#dominic


#26
sage5

Hi dominic951,

That looks like it got the last remnants of that infection, so let's get started on the housecleaning.

Basically, all the software that has failed to start with that warning you know so well, will need to be uninstalled & reinstalled.
So now could be a very good time to weed out any old apps you no longer use or need.

First choice is which Anti-virus to keep. You can only keep 1.
Next, your firewall.

Then download the following & save to your Desktop:
Malwarebytes' Anti-Malware from Here or Here
ATF Cleaner by Atribune.

Clean out cookies, temp files etc:
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


To Clear Restore points, please do the following:
  • Go to Start > Settings > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go back to the Troubleshooting tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Cleanup with OTMoveIt:
  • Please double-click OTMoveIt2.exe to run it.
  • Click the Clean up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click Yes to the reboot.


Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
Please include a note to tell me how your PC is running now.

Cheers,

sage5

Edited by sage5, 16 March 2008 - 06:34 AM.

  • 0

#27
dominic951

dominic951

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
hi sage5

Malwarebytes' Anti-Malware 1.08
Database version: 495

Scan type: Quick Scan
Objects scanned: 29076
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:58, on 16.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\oodag.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\windows\system32\guard32.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\windows\system32\ibmpmsvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 10087 bytes


It's getting better. The remaining problems are:

I cannot turn on my wireless connections because of the Wireless Zero Config service, I think. I cannot start it!

The logon process after providing my login credentials has been slower since the infection and still is... I don't know how to filter bad startup processes from good ones :)



#dominic
  • 0

#28
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi dominic951,


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit --> not required except for some games
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog --> creates a log of the battery performance
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe --> can be disabled without affecting TrueImage
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe --> unnecessary for Acronis
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" --> only necessary if you are doing backup & restore scheduled tasks
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" --> has been uninstalled
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray --> not needed if you don't sync files etc between PC & phone

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


It sounds to me like some of the Windows files probably got fried by that infection as well.
Have you uninstalled & reinstalled all of your applications?
This will probably mean reloading all the IBM software & drivers if you have the discs.
Next we need to check if the Windows files are not corrupted.
System File Checker:
  • Go to Start > Run and type sfc /scannow (Note the space between the c & the /)
  • /scannow starts the System File Checker immediately.
  • You will probably need your Windows XP CD or IBM recovery discs to be handy as it may be required.
    If you have Service Pack 2 installed, you will need the SP2 version of the CD. This can be done with a borrowed CD, if you don't have one.
  • Allow the scan to run and when complete reboot the system.


See if you get any improvement in performance from that lot.

Cheers,

sage5
  • 0
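
Added example (not part of the original posts and not a HijackThis feature): a Python triage pass over a HijackThis log that cross-checks O4 Run entries against the "Running processes" block and flags the O20/O23 markers visible in the log above, which is the sorting of startup entries the two posts do by eye. The sample lines are copied from the posted log; the function names and the four flag rules are assumptions chosen for illustration.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\windows\system32\ctfmon.exe
C:\Program Files\COMODO\Firewall\cfp.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\windows\system32\guard32.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
"""

RUN_RE = re.compile(r'^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

def running_processes(log):
    """Lower-cased file names from the 'Running processes:' block.
    File names only, because the log mixes long and 8.3 short paths."""
    names, active = set(), False
    for line in log.splitlines():
        if line.startswith("Running processes:"):
            active = True
        elif active and not line.strip():
            break
        elif active:
            names.add(line.strip().lower().rsplit("\\", 1)[-1])
    return names

def target_path(cmd):
    """Absolute .exe path a Run command launches, or None (e.g. rundll32 hosts)."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.I)
    if not m:
        return None
    path = (m.group(1) or m.group(2)).lower()
    return path if re.match(r'[a-z]:\\', path) else None

def triage(log):
    """Return (entry, reason) pairs worth a manual look; a flag is not a verdict."""
    procs, findings = running_processes(log), []
    for line in log.splitlines():
        run = RUN_RE.match(line)
        if run:
            path = target_path(run["cmd"])
            if path and path.rsplit("\\", 1)[-1] not in procs:
                findings.append((run["name"], "autostart target not running"))
        if line.startswith("O20 - AppInit_DLLs:"):
            findings.append((line.split(": ", 1)[1], "DLL loaded into every process that loads user32.dll"))
        if "(file missing)" in line:
            findings.append((line.split(" - ", 1)[1], "registered file is missing"))
        if line.startswith("O23 - ") and " - Unknown owner - " in line:
            findings.append((line.split(" - ")[1], "service binary carries no company name"))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A Run entry whose program starts and exits at logon is also reported as not running, so each finding is a prompt to check the file and its vendor before anything is removed.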

#29
dominic951

dominic951

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Sage5

Ok I removed the things you mentioned with Hijackthis and ran the scan.

It seems like everything is OK now. I've run another AntiVir full scan and found nothing on my system. I think the performance problem when I logged in has been solved after I did a clean uninstallation of ZoneAlarm (manually => bagle prevented me from running uninstall.exe).


thank you very much for your help!


I hope I won't post anything here again ;-)


cheers
dominic
  • 0

#30
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
That is great news & you are very welcome. :)

All the Best,

sage5
  • 0





