Infected with Trojans and viruses [Solved] - Geeks to Go Forums


Infected with Trojans and viruses [Solved] Cannot connect to internet

#1 Roorkie

  • Group: Member
  • Posts: 15
  • Joined: 23-January 10

  Posted 23 January 2010 - 04:56 PM

My system is infected with viruses and trojans. I ran the removal software several times with and without safe mode, no luck so far. I am not able to connect to the internet. Please find multiple logs as suggested in the Malware removal guide.


MBAM Log:
---------
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

1/23/2010 7:40:23 AM
mbam-log-2010-01-23 (07-40-23).txt

Scan type: Quick Scan
Objects scanned: 123336
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad5bd51e-8705-43ae-ab93-d78969cb254a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\alfaxpqw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ad5bd51e-8705-43ae-ab93-d78969cb254a} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\cphqjcr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.




Note: GMER log is empty

GMER Log:
---------


OTL Log:
--------

OTL logfile created on: 1/23/2010 4:30:44 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = F:\Software\Geekstogo
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 62.40 Gb Free Space | 83.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 5.39 Gb Free Space | 72.13% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANLCD
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/23 13:28:54 | 00,547,328 | ---- | M] (OldTimer Tools) -- F:\Software\Geekstogo\OTL.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/01/23 13:28:54 | 00,547,328 | ---- | M] (OldTimer Tools) -- F:\Software\Geekstogo\OTL.exe
MOD - [2008/06/09 23:58:39 | 00,143,104 | ---- | M] () -- C:\WINDOWS\system32\guard32.dll
MOD - [2008/04/13 18:12:09 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/06/09 23:58:39 | 00,519,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent)
SRV - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/07/25 17:41:42 | 00,647,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 17:32:34 | 00,294,912 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 17:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 17:22:44 | 00,327,680 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/05/29 02:19:56 | 00,598,960 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\lxdlcoms.exe -- (lxdl_device)
SRV - [2007/05/29 02:19:38 | 00,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdlserv.exe -- (lxdlCATSCustConnectService)
SRV - [2007/05/10 11:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2005/08/29 23:03:50 | 59,027,456 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE -- (OracleServiceORCL)
SRV - [2005/08/29 20:32:22 | 00,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oracle\product\10.2.0\db_1\Bin\extjob.exe -- (OracleJobSchedulerORCL)
SRV - [2005/08/16 13:21:06 | 00,024,064 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oracle\product\10.2.0\db_1\BIN\nmesrvc.exe -- (OracleDBConsoleORCL)
SRV - [2005/08/16 02:23:02 | 00,053,248 | ---- | M] (Oracle) [On_Demand | Stopped] -- C:\oracle\product\10.2.0\db_1\BIN\isqlplussvc.exe -- (OracleOraDb10g_home1iSQL*Plus)
SRV - [2005/08/16 00:57:48 | 00,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe -- (OracleOraDb10g_home1TNSListener)
SRV - [2005/01/24 06:40:28 | 00,065,536 | ---- | M] (Alexandria Software Consulting) [Auto | Stopped] -- C:\Program Files\CRYPTOCard EUS\bin\eus.exe -- (cc-eus)
SRV - [2004/06/16 12:07:54 | 01,433,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 81 96 77 01 3A BD 1B 4F B5 4B DA CF 74 5C B0 F2 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/01/23 06:45:36 | 00,373,653 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12878 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BHOManager Class) - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll (Mercury Interactive Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: () - {AD5BD51E-8705-43AE-AB93-D78969CB254A} - C:\WINDOWS\System32\cphqjcr.dll File not found
O2 - BHO: (no name) - {fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [Globe7] C:\Program Files\Globe7\Globe7.exe File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 7500 Series Fax Server] C:\Program Files\Lexmark 7500 Series\fm3032.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [lxdlamon] C:\Program Files\Lexmark 7500 Series\lxdlamon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1213050334203 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1220285731921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vfsp {E4CB5121-E242-11D4-8ED6-00010219EB22} - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\fusitiwe.dll) - C:\WINDOWS\System32\fusitiwe.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\alfaxpqw: DllName - cphqjcr.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\WINDOWS\system32\ShellHook.dll (Mercury Interactive Corp.)
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/09 11:46:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 06:26:23 | 00,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 01:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/09 04:30:33 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: aocquvji - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 14 Days ==========

[2010/01/23 13:31:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\jZip
[2010/01/23 07:58:15 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/23 07:58:15 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/23 07:58:15 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/23 07:58:15 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/23 07:58:10 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/23 07:58:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/23 07:45:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/01/23 07:20:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/23 07:20:55 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/23 07:17:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/23 07:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/22 08:04:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 07:52:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/22 07:51:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Logitech Pictures
[2010/01/22 07:49:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2008/12/13 12:15:39 | 00,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlhcp.dll
[2008/12/13 12:15:39 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlinpa.dll
[2008/12/13 12:15:39 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdliesc.dll
[2008/12/13 12:15:38 | 01,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlserv.dll
[2008/12/13 12:15:38 | 00,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlusb1.dll
[2008/12/13 12:15:38 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlpmui.dll
[2008/12/13 12:15:38 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlprox.dll
[2008/12/13 12:15:37 | 00,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdllmpm.dll
[2008/12/13 12:15:35 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlhbn3.dll
[2008/12/13 12:15:34 | 00,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcomc.dll
[2008/12/13 12:15:34 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcomm.dll
[2008/06/09 19:20:21 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2008/06/09 17:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/09 14:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2008/06/09 14:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2008/06/09 11:50:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/09 11:46:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/06/09 11:46:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/01/23 16:32:52 | 00,442,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/23 16:32:52 | 00,076,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/23 16:32:51 | 00,528,130 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/23 16:29:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/23 16:28:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/23 13:17:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/23 13:07:19 | 00,072,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\399T0.sys
[2010/01/23 12:57:00 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003UA.job
[2010/01/23 12:55:56 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/01/23 07:58:29 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/23 07:54:10 | 02,621,440 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/23 07:54:10 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/23 07:54:09 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/23 07:21:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 07:16:49 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/23 07:16:38 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/01/23 07:16:38 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/01/21 19:57:00 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003Core.job

========== Files Created - No Company Name ==========

[2010/01/23 07:58:28 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/23 07:21:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 07:16:49 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/23 07:16:38 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/01/23 07:16:38 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/01/21 18:36:28 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\399T0.sys
[2009/10/17 22:39:31 | 00,002,832 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AD5BD51E-8705-43AE-AB93-D78969CB254A.txt
[2008/12/13 12:20:43 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdlvs.dll
[2008/12/13 12:20:40 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdlcoin.dll
[2008/12/13 12:19:50 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdldrs.dll
[2008/12/13 12:19:50 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdlcnv4.dll
[2008/12/13 12:19:50 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdlcaps.dll
[2008/12/13 12:18:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDLPMON.DLL
[2008/12/13 12:18:59 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDLFXPU.DLL
[2008/12/13 12:18:38 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdloem.dll
[2008/12/13 12:15:57 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdlrwrd.ini
[2008/12/13 12:15:40 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdlinst.dll
[2008/12/13 12:15:35 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdlgrd.dll
[2008/06/30 21:04:14 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008/06/30 21:04:14 | 00,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/30 21:04:12 | 00,201,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV302AV.SYS
[2008/06/30 21:03:43 | 00,000,252 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/06/19 17:54:31 | 00,000,064 | ---- | C] () -- C:\WINDOWS\mictable.INI
[2008/06/12 16:43:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\flight1b.INI
[2008/06/11 13:38:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\flight1a.INI
[2008/06/09 23:58:41 | 00,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/06/09 19:20:21 | 00,748,160 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
[2008/06/09 19:20:21 | 00,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[2008/06/09 19:20:21 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[2008/06/09 19:20:21 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[2008/06/09 19:15:25 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/06/09 19:15:25 | 00,007,108 | ---- | C] () -- C:\WINDOWS\wrun.ini
[2008/06/09 19:13:27 | 00,000,023 | ---- | C] () -- C:\WINDOWS\AQTProductInfo.INI
[2008/06/09 18:58:54 | 00,001,909 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2008/06/09 16:05:16 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/06/09 16:05:16 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/06/09 16:05:01 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/06/09 16:05:00 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/06/09 16:04:59 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/06/09 16:04:58 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/06/09 15:44:20 | 00,000,830 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/09 13:39:41 | 01,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/06/09 13:39:41 | 01,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/06/09 13:39:41 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/09 13:39:41 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/01/24 06:43:02 | 02,240,512 | ---- | C] () -- C:\WINDOWS\System32\caeus532.dll
[2004/08/04 04:00:00 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\cphqjcr.dll.bak
[2004/08/04 04:00:00 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\o0uc9nj.dll
[2004/08/04 04:00:00 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/04 04:00:00 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/04 04:00:00 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/04 04:00:00 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/04 04:00:00 | 00,000,335 | ---- | C] () -- C:\WINDOWS\System32\auf404s.dll
[2004/08/04 04:00:00 | 00,000,101 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/04 04:00:00 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/04 04:00:00 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\xpp2zwq.dll
[2004/08/04 04:00:00 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\tzypfhn.dll
[2004/08/04 04:00:00 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\kdmctz6.dll
[2004/08/04 04:00:00 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\hqwpbwy.dll
[2004/06/16 12:07:48 | 00,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2002/01/25 11:17:28 | 00,002,238 | ---- | C] () -- C:\Program Files\Common Files\Abbott.ico
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 12:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/12/13 12:18:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7500 Series
[2010/01/23 13:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/26 15:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2009/10/17 11:42:21 | 00,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/09 16:53:37 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/06/09 16:53:37 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/09 16:53:37 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/09 16:53:37 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/11/15 10:37:52 | 00,028,672 | ---- | M] () MD5=9937F303C344C00849E8E5CA26CED439 -- C:\oracle\product\10.2.0\db_1\perl\site\5.8.3\lib\MSWin32-x86-multi-thread\auto\Win32\EventLog\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 13:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 18:51:32 | 00,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/11/17 12:58:16 | 00,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >



EXTRAS Log:
-----------

OTL Extras logfile created on: 1/23/2010 4:30:44 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = F:\Software\Geekstogo
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 62.40 Gb Free Space | 83.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 5.39 Gb Free Space | 72.13% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANLCD
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:DCOM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe" = C:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe:*:Enabled:AQT Remote Agent -- (Mercury Interactive Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\lxdlcoms.exe" = C:\WINDOWS\system32\lxdlcoms.exe:*:Enabled:7500 Series Server -- ( )
"C:\Program Files\Lexmark 7500 Series\lxdlmon.exe" = C:\Program Files\Lexmark 7500 Series\lxdlmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\lxdlcfg.exe" = C:\WINDOWS\system32\lxdlcfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdlpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdlpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdltime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdltime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdljswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdljswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- File not found
"C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"\" = C:\WINDOWS\system\svchost.exe:*:Enabled:KL -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}" = Logitech QuickCam
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{29C9417F-1A46-46F3-A9A2-493DF84C7E59}" = CRYPTOCard EUS
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}" = Cisco Systems VPN Client 4.0.4 (D)
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AB523489-A51E-4D4E-9109-EC395B6846CD}" = QuickTest Professional
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"COMODO Firewall Pro" = COMODO Firewall Pro
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE4Dev" = Microsoft Script Debugger
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{AB523489-A51E-4D4E-9109-EC395B6846CD}" = QuickTest Professional
"InstallShield_{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"Jagannatha Hora" = Jagannatha Hora
"jZip" = jZip
"Lexmark 7500 Series" = Lexmark 7500 Series
"Logitech Print Service" = Logitech Print Service
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SopCast" = SopCast 3.0.3
"StyleEase for APA Style" = StyleEase for APA Style
"TestDirector" = TestDirector
"TVUPlayer" = TVUPlayer 2.3.6.1
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WDT_ALLVOI Softphone" = WDT World Discount Telecommunications Inc. ALLVOI Softphone
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRunner" = WinRunner
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2010 2:46:09 PM | Computer Name = SANLCD | Source = Google Update | ID = 20
Description =

Error - 1/19/2010 2:51:14 PM | Computer Name = SANLCD | Source = Google Update | ID = 20
Description =

Error - 1/19/2010 2:56:49 PM | Computer Name = SANLCD | Source = Google Update | ID = 20
Description =

Error - 1/20/2010 9:45:27 PM | Computer Name = SANLCD | Source = Google Update | ID = 20
Description =

Error - 1/21/2010 9:09:57 PM | Computer Name = SANLCD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0000252c.

Error - 1/21/2010 10:02:05 PM | Computer Name = SANLCD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0000252c.

Error - 1/22/2010 6:57:14 AM | Computer Name = SANLCD | Source = Google Update | ID = 20
Description =

Error - 1/22/2010 6:59:46 AM | Computer Name = SANLCD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 6:59:46 AM | Computer Name = SANLCD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 9:52:28 AM | Computer Name = SANLCD | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_33_0_1000.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

[ System Events ]
Error - 1/23/2010 6:29:17 PM | Computer Name = SANLCD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 1/23/2010 6:29:20 PM | Computer Name = SANLCD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/23/2010 6:29:35 PM | Computer Name = SANLCD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/23/2010 6:29:51 PM | Computer Name = SANLCD | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 1/23/2010 6:29:51 PM | Computer Name = SANLCD | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 1/23/2010 6:29:51 PM | Computer Name = SANLCD | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 1/23/2010 6:29:51 PM | Computer Name = SANLCD | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 1/23/2010 6:29:51 PM | Computer Name = SANLCD | Source = Service Control Manager | ID = 7001
Description = The Simple Mail Transfer Protocol (SMTP) service depends on the IIS
Admin service which failed to start because of the following error: %%1068

Error - 1/23/2010 6:29:51 PM | Computer Name = SANLCD | Source = Service Control Manager | ID = 7001
Description = The World Wide Web Publishing service depends on the IIS Admin service
which failed to start because of the following error: %%1068

Error - 1/23/2010 6:29:51 PM | Computer Name = SANLCD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv
Tcpip


< End of report >

#2 Mjöllnir

  • Group: Retired Staff
  • Posts: 1,207
  • Joined: 01-August 09

Posted 26 January 2010 - 06:56 PM

Welcome to Geeks to Go, Roorkie.

I will be helping you with your malware issues.

Before we get started, please read the following.
  • Be advised that I am still in training, so there may be a delay between replies. Each reply must be approved by a resident expert before I will be allowed to post them to you.
  • Please completely read through all instructions given you before attempting to follow them. If you are confused about any part of the instructions, post back with your questions and we'll figure things out.
  • Please post all logs in their entirety. DO NOT attach logs to a post unless I ask you to do that. Rather copy and paste the contents of the logs directly into the post.
  • Please refrain from running any tools or otherwise performing any fixes other than what I ask you to do.
  • Finally, do not PM me directly for help. If you have any questions, post them in this topic.


I'll be reviewing your logs and will return with a plan ASAP.

#3 Mjöllnir

  • Group: Retired Staff
  • Posts: 1,207
  • Joined: 01-August 09

Posted 27 January 2010 - 09:52 AM

Hello, Roorkie.


Your logs are several days old now and I would like to get a fresh look at things. Could you please run the following and post the resultant logs?


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.



Download OTS to your desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box labeled Scan All Users
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside
    • Reg - ActiveX StubPath
    • Reg - App Paths
    • Reg - Approved Shell Extensions
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Drivers32
    • Reg - Ext
    • Reg - File Associations
    • Reg - IE Explorer Bars
    • Reg - NetSvcs
    • Reg - Protocol Filters
    • Reg - Protocol Handlers
    • Reg - SafeBoot Minimal
    • Reg - SafeBoot Network
    • Reg - Session Manager Settings
    • Reg - Winsock2 Catalogs
    • Evnt - EventViewer Logs ( Last 10 Errors )
    • File - Lop Check
    • File - Purity Scan


  • Under the Custom Scans box at the bottom left paste the following in
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    beep.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles



  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.


Please attach the log in your next post.
(Note, The last line is < End of Report >, so make sure that is the last line in the attached report)

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
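
The `/md5start` ... `/md5stop` block in the custom scan above is what produces the `< MD5 for: ... >` sections seen in the OTL log earlier in the thread. As an added example (not part of Mjöllnir's post and not OTL/OTS code), this Python script parses those sections and compares the copy under system32 with the service-pack and backup copies; the function names, verdict labels and the BEEP.SYS section with placeholder hashes are constructed for illustration.

```python
import re
from collections import OrderedDict

# "< MD5 for: ATAPI.SYS >"
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# "[date | size | attrs | M] (Company) MD5=<hash> -- <path>"  or  "... () .cab file -- <path>"
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|\.cab file)\s*--\s*(?P<path>.+)$"
)

# ATAPI.SYS and IASTOR.SYS lines are taken from the log on this page.
PAGE_LINES = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: IASTOR.SYS >
[2007/02/12 13:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\dell\iastor\iastor.sys
"""

# Constructed section (NOT from the page): placeholder hashes that disagree.
CONSTRUCTED = r"""
< MD5 for: BEEP.SYS >
[2008/04/13 12:40:30 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5={ref} -- C:\WINDOWS\ServicePackFiles\i386\beep.sys
[2010/01/20 03:11:00 | 00,004,224 | ---- | M] () MD5={live} -- C:\WINDOWS\system32\drivers\beep.sys
""".format(ref="A" * 32, live="B" * 32)

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED


def parse_md5_sections(log_text):
    """Return {file name (lower case): [entry dicts]} for every 'MD5 for' section."""
    sections = OrderedDict()
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line) if current else None
        if entry:
            md5 = entry.group("md5")  # None for copies packed inside a .cab
            sections[current].append({
                "path": entry.group("path").strip(),
                "company": entry.group("company").strip(),
                "md5": md5.upper() if md5 else None,
            })
        else:
            current = None  # blank line or another scan header ends the section
    return sections


def triage(sections):
    """Compare the system32 / system32\\drivers copy with every other hashed copy."""
    verdicts = {}
    for name, entries in sections.items():
        # Assumption: the system root is C:\WINDOWS (or another drive letter), as in this log.
        live_re = re.compile(
            r"^[a-z]:\\windows\\system32\\(?:drivers\\)?" + re.escape(name) + r"$",
            re.IGNORECASE,
        )
        hashed = [e for e in entries if e["md5"]]
        live = [e for e in hashed if live_re.match(e["path"])]
        refs = {e["md5"] for e in hashed if not live_re.match(e["path"])}
        if not live:
            verdicts[name] = "no-live-copy"   # file is not in system32 at all
        elif not refs:
            verdicts[name] = "no-reference"   # nothing local to compare against
        elif all(e["md5"] in refs for e in live):
            verdicts[name] = "match"
        else:
            verdicts[name] = "MISMATCH"       # worth a closer look by the helper
    return verdicts


if __name__ == "__main__":
    for fname, verdict in triage(parse_md5_sections(SAMPLE_LOG)).items():
        print(f"{fname:12} {verdict}")
```

A match against a local backup copy only says the two files agree; confirming that a driver is clean still means checking its hash against a known-good source.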


#4 Roorkie

  • Group: Member
  • Posts: 15
  • Joined: 23-January 10

Posted 28 January 2010 - 07:24 AM

Hi Mjöllnir,

I have downloaded GMER and OTS but wasn't able to run them, as GMER hangs every time I run it. So I ran GMER in SAFE mode. At one of the steps (click OK), the window disappeared when I clicked and I wasn't able to save the log. I am re-running GMER and will get back to you once both logs are completed. Thank you for your response.

Roorkie

#5 Mjöllnir

  • Group: Retired Staff
  • Posts: 1,207
  • Joined: 01-August 09

Posted 28 January 2010 - 09:58 AM

Okay.

#6 Roorkie

  • Group: Member
  • Posts: 15
  • Joined: 23-January 10

Posted 28 January 2010 - 06:39 PM

Please find the logs from the GMER and OTS tools.
Attached File  GMER.txt (17.76K)
Attached File  OTS.Txt (226.96K)

Roorkie

#7 Mjöllnir

  • Group: Retired Staff
  • Posts: 1,207
  • Joined: 01-August 09

Posted 29 January 2010 - 02:02 PM

Hello.

Please continue with the steps below.


WARNING - Your computer has been infected by a backdoor Trojan!

From your log(s), one or more of the identified infections are Backdoor Trojans. Backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the author.

If this computer is ever used for online banking, I suggest you do the following IMMEDIATELY:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking / financial purposes until we give it an all clear.

If you want to continue fixing, please follow the steps below.




»» Step 1 ««


Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Quote

[Kill All Processes]
[Unregister Dlls]
[Driver Services - Safe List]
YY -> (399T0) 399T0 [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\399T0.sys
YY -> (jbqyvgbu) jbqyvgbu [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\jbqyvgbu.sys
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> {AD5BD51E-8705-43AE-AB93-D78969CB254A} [HKLM] -> C:\WINDOWS\System32\cphqjcr.dll []
YN -> {fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Realtek Sound Software" -> C:\WINDOWS\System32\config\systemprofile\Application Data\Drivers\sound.exe [C:\WINDOWS\system32\config\systemprofile\Application Data\Drivers\sound.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Realtek Sound Software" -> C:\WINDOWS\System32\config\systemprofile\Application Data\Drivers\sound.exe [C:\WINDOWS\system32\config\systemprofile\Application Data\Drivers\sound.exe]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "mufinujiga" -> C:\WINDOWS\System32\govenoge.DLL [Rundll32.exe "C:\WINDOWS\system32\govenoge.dll",s]
< WinNT Load [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
*load* -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system\svchost.exe -> C:\WINDOWS\system\svchost.exe
< WinNT Load [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
< WinNT Load [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
*load* -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system\svchost.exe -> C:\WINDOWS\system\svchost.exe
< WinNT Load [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 57 domain(s) and sub-domain(s) not assigned to a zone. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 57 domain(s) and sub-domain(s) not assigned to a zone. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2052111302-884357618-725345543-500\] > -> HKEY_USERS\S-1-5-21-2052111302-884357618-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 57 domain(s) and sub-domain(s) not assigned to a zone. ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\fusitiwe.dll -> C:\WINDOWS\System32\fusitiwe.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YN -> mcenspc.dll ->
YN -> digiwet.dll ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YY -> "%windir%\system32\drivers\svchost.exe" -> C:\WINDOWS\System32\drivers\svchost.exe [%windir%\system32\drivers\svchost.exe:*:Enabled:svchost]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YY -> "%windir%\system32\drivers\svchost.exe" -> C:\WINDOWS\System32\drivers\svchost.exe [%windir%\system32\drivers\svchost.exe:*:Enabled:svchost]
YY -> "\" -> C:\WINDOWS\system\svchost.exe [C:\WINDOWS\system\svchost.exe:*:Enabled:KL]
YY -> "C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" -> C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll [C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin]
YY -> "C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" -> C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe [C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin]
YY -> "C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk]
YY -> "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" -> C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player ]
[Registry - Additional Scans - Safe List]
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
YN -> cmmgr32.exe -> Reg Error: Value error. [Reg Error: Value error.]
YY -> combofix.exe -> E:\Archieve\spyware\ComboFix.exe [E:\Archieve\spyware\ComboFix.exe]
YN -> install.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> JHora.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> ldm.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> setup.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> table30.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> vpngui.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.]
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
YY -> 399T0 -> C:\WINDOWS\system32\drivers\399T0.sys
YN -> GLB84.tmp ->
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\
YY -> 399T0 -> C:\WINDOWS\system32\drivers\399T0.sys
YN -> GLB84.tmp ->
[Files/Folders - Modified Within 90 Days]
NY -> imsins.BAK -> C:\WINDOWS\imsins.BAK
NY -> At1.job -> C:\WINDOWS\tasks\At1.job
NY -> .sys -> C:\WINDOWS\System32\drivers\.sys
NY -> 399T0.sys -> C:\WINDOWS\System32\drivers\399T0.sys
[Files - No Company Name]
NY -> .sys -> C:\WINDOWS\System32\drivers\.sys
NY -> 399T0.sys -> C:\WINDOWS\System32\drivers\399T0.sys
NY -> caeus532.dll -> C:\WINDOWS\System32\caeus532.dll
NY -> cphqjcr.dll.bak -> C:\WINDOWS\System32\cphqjcr.dll.bak
NY -> o0uc9nj.dll -> C:\WINDOWS\System32\o0uc9nj.dll
NY -> clauth2.dll -> C:\WINDOWS\System32\clauth2.dll
NY -> clauth1.dll -> C:\WINDOWS\System32\clauth1.dll
NY -> grcauth2.dll -> C:\WINDOWS\System32\grcauth2.dll
NY -> grcauth1.dll -> C:\WINDOWS\System32\grcauth1.dll
NY -> auf404s.dll -> C:\WINDOWS\System32\auf404s.dll
NY -> prsgrc.dll -> C:\WINDOWS\System32\prsgrc.dll
NY -> ssprs.dll -> C:\WINDOWS\System32\ssprs.dll
NY -> xpp2zwq.dll -> C:\WINDOWS\System32\xpp2zwq.dll
NY -> tzypfhn.dll -> C:\WINDOWS\System32\tzypfhn.dll
NY -> kdmctz6.dll -> C:\WINDOWS\System32\kdmctz6.dll
NY -> hqwpbwy.dll -> C:\WINDOWS\System32\hqwpbwy.dll
[File - Lop Check]
NY -> At1.job -> C:\WINDOWS\Tasks\At1.job
[Purity]
[Empty Temp Folders]
[CreateRestorePoint]
[ClearAllRestorePoints]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.




»» Step 2 ««

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**




»» Step 3 ««

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




»» Step 4 ««

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Quick Scan button. Do not change any other settings.
  • Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt and post it in your next reply.





»» Step 5 ««

Post Logs
Please post back with the following logs:
  • OTS log of fix actions
  • c:\combofix.txt
  • MBAM log
  • OTL Log


#8 Roorkie

  • Group: Member
  • Posts: 15
  • Joined: 23-January 10

Posted 30 January 2010 - 12:19 PM

Mjöllnir,
Please find the logs from the instructions. Avira was still reporting problems with another two .dll files.
Roorkie

>>>>>>>>OTS<<<<<<<<<<<<<<<
All Processes Killed
[Driver Services - Safe List]
Service 399T0 stopped successfully!
Service 399T0 deleted successfully!
C:\WINDOWS\system32\drivers\399T0.sys moved successfully.
Error: Unable to stop service jbqyvgbu!
Unable to delete service\driver keyjbqyvgbu.
File move failed. C:\WINDOWS\system32\drivers\jbqyvgbu.sys scheduled to be moved on reboot.
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD5BD51E-8705-43AE-AB93-D78969CB254A}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD5BD51E-8705-43AE-AB93-D78969CB254A}\ .
File C:\WINDOWS\System32\cphqjcr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Realtek Sound Software deleted successfully.
File C:\WINDOWS\System32\config\systemprofile\Application Data\Drivers\sound.exe not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Realtek Sound Software not found.
File C:\WINDOWS\System32\config\systemprofile\Application Data\Drivers\sound.exe not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mufinujiga deleted successfully.
File C:\WINDOWS\System32\govenoge.DLL not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load:C:\WINDOWS\system\svchost.exe deleted successfully.
File C:\WINDOWS\system\svchost.exe not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load:C:\WINDOWS\system\svchost.exe deleted successfully.
File C:\WINDOWS\system\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\fusitiwe.dll deleted successfully.
File C:\WINDOWS\System32\fusitiwe.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mcenspc.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digiwet.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\drivers\svchost.exe deleted successfully.
File C:\WINDOWS\System32\drivers\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\drivers\svchost.exe deleted successfully.
File C:\WINDOWS\System32\drivers\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\\ deleted successfully.
File C:\WINDOWS\system\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll deleted successfully.
File C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe deleted successfully.
File C:\Documents and Settings\san\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe deleted successfully.
File C:\Program Files\Google\Google Talk\googletalk.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe deleted successfully.
File C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe\ deleted successfully.
File E:\Archieve\spyware\ComboFix.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\install.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\JHora.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ldm.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MsoHtmEd.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\setup.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\table30.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vpngui.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\winnt32.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\399T0\ deleted successfully.
File C:\WINDOWS\system32\drivers\399T0.sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GLB84.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\399T0\ deleted successfully.
File C:\WINDOWS\system32\drivers\399T0.sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GLB84.tmp\ deleted successfully.
[Files/Folders - Modified Within 90 Days]
C:\WINDOWS\imsins.BAK moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\System32\drivers\.sys moved successfully.
File C:\WINDOWS\System32\drivers\399T0.sys not found!
[Files - No Company Name]
File C:\WINDOWS\System32\drivers\.sys not found!
File C:\WINDOWS\System32\drivers\399T0.sys not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\caeus532.dll
C:\WINDOWS\System32\caeus532.dll moved successfully.
File C:\WINDOWS\System32\cphqjcr.dll.bak not found!
LoadLibrary failed for C:\WINDOWS\System32\o0uc9nj.dll
C:\WINDOWS\System32\o0uc9nj.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\clauth2.dll
C:\WINDOWS\System32\clauth2.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\clauth1.dll
C:\WINDOWS\System32\clauth1.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\grcauth2.dll
C:\WINDOWS\System32\grcauth2.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\grcauth1.dll
C:\WINDOWS\System32\grcauth1.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\auf404s.dll
C:\WINDOWS\System32\auf404s.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\prsgrc.dll
C:\WINDOWS\System32\prsgrc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\ssprs.dll
C:\WINDOWS\System32\ssprs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\xpp2zwq.dll
C:\WINDOWS\System32\xpp2zwq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\tzypfhn.dll
C:\WINDOWS\System32\tzypfhn.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\kdmctz6.dll
C:\WINDOWS\System32\kdmctz6.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\hqwpbwy.dll
C:\WINDOWS\System32\hqwpbwy.dll moved successfully.
[File - Lop Check]
File C:\WINDOWS\Tasks\At1.job not found!
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 364666 bytes
->Temporary Internet Files folder emptied: 64562 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: rescue
->Temp folder emptied: 25802 bytes
->Temporary Internet Files folder emptied: 150183 bytes
->Java cache emptied: 12118713 bytes

User: san
->Temp folder emptied: 20425729 bytes
->Temporary Internet Files folder emptied: 1002935 bytes
->Java cache emptied: 12118713 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1145005 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb

Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

Restorepoints cleared and new OTS Restore Point set!
< End of fix log >
OTS by OldTimer - Version 3.1.20.0 fix logfile created on 01302010_101731


>>>>>>>>COMBOFIX<<<<<<<<<<<<<<<
ComboFix 10-01-29.09 - Administrator 01/30/2010 11:31:25.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1785 [GMT -6:00]
Running from: f:\software\Geekstogo\01272010\Fix1\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AegisP.inf
c:\windows\EventSystem.log
c:\windows\system32\Cache
c:\windows\system32\cphqjcr.dll
c:\windows\system32\drivers\heaodmse.sys
c:\windows\system32\drivers\jbqyvgbu.sys
c:\windows\system32\inf
c:\windows\system32\iyxbjor.dll
c:\windows\system32\omecgagy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_JBQYVGBU
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Service_jbqyvgbu


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-28 13:18 . 2010-01-28 13:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Helios
2010-01-28 00:19 . 2010-01-28 00:19 -------- d-----w- c:\documents and settings\rescue\Application Data\CyberLink
2010-01-28 00:08 . 2010-01-28 00:08 -------- d-----w- c:\documents and settings\rescue\Application Data\Yahoo!
2010-01-27 23:59 . 2009-03-11 04:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-01-27 23:59 . 2009-03-11 04:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-01-27 13:40 . 2010-01-27 13:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-27 13:39 . 2010-01-27 13:39 152576 ----a-w- c:\documents and settings\san\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-01-25 09:21 . 2010-01-27 23:59 -------- d-----w- c:\windows\system32\KB905474
2010-01-24 17:27 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-24 17:27 . 2009-05-21 18:46 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2010-01-24 17:25 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-24 17:25 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-24 17:24 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-01-24 17:24 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-01-24 17:24 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-01-24 17:24 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-01-24 17:24 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-01-24 17:24 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-01-24 17:24 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-24 17:24 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-24 17:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-24 17:22 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-24 17:13 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-24 17:13 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-23 22:23 . 2007-10-23 15:27 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2010-01-23 19:31 . 2010-01-23 19:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\jZip
2010-01-23 13:58 . 2009-11-25 17:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-23 13:58 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-23 13:58 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-23 13:58 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-23 13:58 . 2010-01-23 13:58 -------- d-----w- c:\program files\Avira
2010-01-23 13:58 . 2010-01-23 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-23 13:20 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 13:20 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 13:16 . 2010-01-23 13:16 -------- d-----w- c:\program files\ERUNT
2010-01-22 14:04 . 2010-01-23 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 13:52 . 2010-01-22 13:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-22 13:49 . 2008-05-02 16:41 3493888 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2010-01-22 13:49 . 2010-01-22 13:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-01-22 11:47 . 2010-01-22 11:47 -------- d-----w- c:\documents and settings\rescue\Local Settings\Application Data\Logitech-LS
2010-01-22 11:37 . 2010-01-22 11:37 -------- d-----w- c:\documents and settings\rescue\Application Data\Malwarebytes
2010-01-22 11:36 . 2010-01-22 11:36 -------- d-----w- c:\documents and settings\rescue\Application Data\7500 Series
2010-01-22 11:36 . 2010-01-22 11:36 -------- d-----w- c:\documents and settings\rescue\Application Data\Comodo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 17:44 . 2009-07-05 00:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-27 13:39 . 2008-06-09 23:44 -------- d-----w- c:\program files\Java
2010-01-23 13:57 . 2008-06-10 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-23 12:35 . 2008-06-10 04:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-05 10:00 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2002-01-25 17:17 . 2002-01-25 17:17 2238 ----a-w- c:\program files\Common Files\Abbott.ico
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLVOI Softphone"="c:\program files\ALLVOI Softphone\WDT" [X]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-09 4363504]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 3644464]
"Google Update"="c:\documents and settings\san\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-01 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2010-01-22 2836376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-09 185896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-29 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-29 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-29 137752]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-27 149280]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-06-10 1655552]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"lxdlamon"="c:\program files\Lexmark 7500 Series\lxdlamon.exe" [2007-06-01 20480]
"Lexmark 7500 Series Fax Server"="c:\program files\Lexmark 7500 Series\fm3032.exe" [2007-06-11 308144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-6-30 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
VPN Client.lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2008-6-11 6144]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\lxdlcoms.exe"=
"c:\\Program Files\\Lexmark 7500 Series\\lxdlmon.exe"=
"c:\\WINDOWS\\system32\\lxdlcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdlpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdltime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdljswx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\ALLVOI Softphone\\WDT.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/9/2008 11:58 PM 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/9/2008 11:58 PM 24208]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/23/2010 7:58 AM 108289]
R2 cc-eus;CRYPTOCard EUS;c:\program files\CRYPTOCard EUS\bin\eus.exe [1/24/2005 6:40 AM 65536]
R2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe -service --> c:\windows\system32\lxdlcoms.exe -service [?]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [6/9/2008 7:05 PM 5536]
S1 GLB84.tmp;GLB84.tmp;\??\c:\windows\system32\drivers\HarddiskVolume1\Documents and Settings\san\Local Settings\Temp\GLB84.tmp.sys --> c:\windows\system32\drivers\HarddiskVolume1\Documents and Settings\san\Local Settings\Temp\GLB84.tmp.sys [?]
S2 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdlserv.exe [12/13/2008 12:20 PM 99248]
S3 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR --> c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR [?]
S3 OracleServiceORCL;OracleServiceORCL;c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL --> c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL [?]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ORCL --> c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ORCL [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
aocquvji
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003Core.job
- c:\documents and settings\san\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-01 22:07]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003UA.job
- c:\documents and settings\san\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-01 22:07]

2010-01-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-27 04:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -

BHO-{AD5BD51E-8705-43AE-AB93-D78969CB254A} - (no file)
BHO-{fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-san - c:\documents and settings\san\san.exe
HKLM-Run-Globe7 - c:\program files\Globe7\Globe7.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 11:41
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Messenger (Yahoo!) = "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet??g

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\ShellHook.dll
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\jZip\jZipShell.dll
c:\program files\Logitech\Video\AlbuDBps.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdlcoms.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\msiexec.exe
c:\windows\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe
c:\7137e3fd9b9f45b3a6e3\dotnetfx35setup.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\527bae43b12ad74434a812\setup.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\MsiExec.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\javaws.exe
c:\program files\Java\jre6\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2010-01-30 11:47:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-30 17:47

Pre-Run: 66,240,053,248 bytes free
Post-Run: 65,826,074,624 bytes free

- - End Of File - - DC23373331F766286AD66BE2513B4CD7

>>>>>>>>MBAM<<<<<<<<<<<<<<<
Malwarebytes' Anti-Malware 1.44
Database version: 3662
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/30/2010 12:06:20 PM
mbam-log-2010-01-30 (12-06-20).txt

Scan type: Quick Scan
Objects scanned: 129730
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

>>>>>>>>OTL<<<<<<<<<<<<<<<

OTL logfile created on: 1/30/2010 12:09:40 PM - Run 2
OTL by OldTimer - Version 3.1.26.0 Folder = F:\Software\Geekstogo
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 61.03 Gb Free Space | 81.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 5.38 Gb Free Space | 72.02% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANLCD
Current User Name: san
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - F:\Software\Geekstogo\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\COMODO\Firewall\cmdagent.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Lexmark 7500 Series\lxdlamon.exe ()
PRC - C:\WINDOWS\system32\lxdlcoms.exe ( )
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CRYPTOCard EUS\bin\eus.exe (Alexandria Software Consulting)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)


========== Modules (SafeList) ==========

MOD - F:\Software\Geekstogo\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll ()
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (cmdAgent) -- C:\Program Files\COMODO\Firewall\cmdagent.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (lxdl_device) -- C:\WINDOWS\System32\lxdlcoms.exe ( )
SRV - (lxdlCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdlserv.exe ()
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (OracleServiceORCL) -- c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleJobSchedulerORCL) -- c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ()
SRV - (OracleDBConsoleORCL) -- C:\oracle\product\10.2.0\db_1\BIN\nmesrvc.exe (Oracle Corporation)
SRV - (OracleOraDb10g_home1iSQL*Plus) -- C:\oracle\product\10.2.0\db_1\BIN\isqlplussvc.exe (Oracle)
SRV - (OracleOraDb10g_home1TNSListener) -- C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe ()
SRV - (cc-eus) -- C:\Program Files\CRYPTOCard EUS\bin\eus.exe (Alexandria Software Consulting)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost



O1 HOSTS File: ([2010/01/30 11:41:37 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BHOManager Class) - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll (Mercury Interactive Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {AD5BD51E-8705-43AE-AB93-D78969CB254A} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 7500 Series Fax Server] C:\Program Files\Lexmark 7500 Series\fm3032.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [lxdlamon] C:\Program Files\Lexmark 7500 Series\lxdlamon.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ALLVOI Softphone] C:\Program Files\ALLVOI Softphone\WDT.exe ()
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\san\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1213050334203 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1220285731921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vfsp {E4CB5121-E242-11D4-8ED6-00010219EB22} - File not found
O20 - AppInit_DLLs: (c:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\WINDOWS\system32\ShellHook.dll (Mercury Interactive Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/09 11:46:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 06:26:23 | 00,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e02e14ca-075c-11df-93d8-c3ac5bedc70a}\Shell - "" = AutoRun
O33 - MountPoints2\{e02e14ca-075c-11df-93d8-c3ac5bedc70a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e02e14ca-075c-11df-93d8-c3ac5bedc70a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 01:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/30 11:52:57 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/30 11:50:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/01/30 11:50:46 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/01/30 11:50:37 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/01/30 11:50:12 | 00,000,000 | ---D | C] -- C:\3a06f0c13f75db3b6b2588
[2010/01/30 11:44:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\3E5562ED69AB4CEC91E264E18EC5ACC6.TMP
[2010/01/30 11:38:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/30 11:29:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/30 11:29:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/30 11:29:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/30 11:29:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/30 11:25:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/25 03:21:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/01/23 07:58:15 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/23 07:58:15 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/23 07:58:15 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/23 07:58:15 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/23 07:58:10 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/23 07:58:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/23 07:45:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/01/23 07:20:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/23 07:20:55 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/23 07:17:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/23 07:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/23 06:35:10 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\san\Desktop\setup-spybotsd162.exe
[2010/01/23 04:53:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\san\My Documents\Downloads
[2010/01/22 08:04:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 07:52:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/13 12:15:39 | 00,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlhcp.dll
[2008/12/13 12:15:39 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlinpa.dll
[2008/12/13 12:15:39 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdliesc.dll
[2008/12/13 12:15:38 | 01,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlserv.dll
[2008/12/13 12:15:38 | 00,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlusb1.dll
[2008/12/13 12:15:38 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlpmui.dll
[2008/12/13 12:15:38 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlprox.dll
[2008/12/13 12:15:37 | 00,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdllmpm.dll
[2008/12/13 12:15:35 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlhbn3.dll
[2008/12/13 12:15:34 | 00,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcomc.dll
[2008/12/13 12:15:34 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcomm.dll
[2008/06/09 19:20:21 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2008/06/09 17:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/09 14:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2008/06/09 14:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2008/06/09 11:50:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/09 11:46:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/06/09 11:46:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[11 C:\Documents and Settings\san\My Documents\*.tmp files -> C:\Documents and Settings\san\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/30 12:00:57 | 00,578,746 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/30 12:00:57 | 00,482,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/30 12:00:57 | 00,085,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/30 11:57:41 | 00,018,504 | ---- | M] () -- C:\Documents and Settings\san\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/30 11:57:41 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003UA.job
[2010/01/30 11:56:25 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/01/30 11:56:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/30 11:56:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/30 11:55:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/30 11:55:56 | 00,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/30 11:49:21 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\san\NTUSER.DAT
[2010/01/30 11:49:21 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\san\ntuser.ini
[2010/01/30 11:41:51 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/30 11:41:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/27 18:28:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/01/24 19:57:00 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003Core.job
[2010/01/23 07:58:29 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/23 07:21:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 06:40:51 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\san\Desktop\setup-spybotsd162.exe
[2010/01/21 10:54:29 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\san\Desktop\company_profile[1].ppt
[2010/01/21 05:59:49 | 00,002,268 | ---- | M] () -- C:\Documents and Settings\san\Desktop\google chrome.lnk
[2004/08/04 04:00:00 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\cphqjcr.dll.bak
[11 C:\Documents and Settings\san\My Documents\*.tmp files -> C:\Documents and Settings\san\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/30 11:29:23 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/30 11:29:23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/30 11:29:23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/30 11:29:23 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/30 11:29:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/27 18:20:03 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\san\Desktop\gmer.exe
[2010/01/27 17:59:48 | 00,000,254 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/01/23 07:58:28 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/23 07:21:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 10:52:14 | 00,062,976 | ---- | C] () -- C:\Documents and Settings\san\Desktop\company_profile[1].ppt
[2009/10/17 22:39:31 | 00,002,832 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AD5BD51E-8705-43AE-AB93-D78969CB254A.txt
[2009/10/17 12:12:17 | 00,003,668 | ---- | C] () -- C:\Documents and Settings\san\Local Settings\Application Data\AD5BD51E-8705-43AE-AB93-D78969CB254A.txt
[2009/07/04 18:36:21 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\san\Application Data\Smiley.ico
[2008/12/23 22:46:49 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\san\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/13 12:20:43 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdlvs.dll
[2008/12/13 12:20:40 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdlcoin.dll
[2008/12/13 12:19:50 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdldrs.dll
[2008/12/13 12:19:50 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdlcnv4.dll
[2008/12/13 12:19:50 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdlcaps.dll
[2008/12/13 12:18:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDLPMON.DLL
[2008/12/13 12:18:59 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDLFXPU.DLL
[2008/12/13 12:18:38 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdloem.dll
[2008/12/13 12:15:57 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdlrwrd.ini
[2008/12/13 12:15:40 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdlinst.dll
[2008/12/13 12:15:35 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdlgrd.dll
[2008/06/30 21:04:14 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008/06/30 21:04:14 | 00,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/30 21:04:12 | 00,201,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV302AV.SYS
[2008/06/30 21:03:43 | 00,000,252 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/06/19 17:54:31 | 00,000,064 | ---- | C] () -- C:\WINDOWS\mictable.INI
[2008/06/12 16:43:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\flight1b.INI
[2008/06/11 13:38:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\flight1a.INI
[2008/06/09 23:58:41 | 00,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/06/09 19:20:21 | 00,748,160 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
[2008/06/09 19:20:21 | 00,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[2008/06/09 19:20:21 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[2008/06/09 19:20:21 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[2008/06/09 19:15:25 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/06/09 19:15:25 | 00,007,108 | ---- | C] () -- C:\WINDOWS\wrun.ini
[2008/06/09 19:13:27 | 00,000,023 | ---- | C] () -- C:\WINDOWS\AQTProductInfo.INI
[2008/06/09 18:58:54 | 00,001,909 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2008/06/09 16:05:16 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/06/09 16:05:16 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/06/09 16:05:01 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/06/09 16:05:00 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/06/09 16:04:59 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/06/09 16:04:58 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/06/09 15:44:20 | 00,000,830 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/09 13:39:41 | 01,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/06/09 13:39:41 | 01,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/06/09 13:39:41 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/09 13:39:41 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/04 04:00:00 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\cphqjcr.dll.bak
[2004/06/16 12:07:48 | 00,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2002/01/25 11:17:28 | 00,002,238 | ---- | C] () -- C:\Program Files\Common Files\Abbott.ico
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 12:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/12/13 12:18:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7500 Series
[2010/01/30 12:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/26 15:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2008/12/13 22:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\7500 Series
[2009/02/26 22:26:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\CiscoCAA
[2008/06/30 21:05:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\FotoWire
[2009/02/07 14:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\Globe7
[2008/06/09 17:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\Helios
[2008/11/30 23:58:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\ImgBurn
[2008/12/25 11:12:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\Lexmark Productivity Studio
[2009/02/10 19:12:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\OfficeUpdate12
[2009/06/22 20:29:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\uTorrent
[2009/06/20 09:24:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\webex
[2010/01/30 11:56:25 | 00,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

#9 Mjöllnir

  • Group: Retired Staff
  • Posts: 1,207
  • Joined: 01-August 09

Posted 31 January 2010 - 11:53 AM

Hello.


Quote

Avira was still reporting another two .dll have some problem with.

What files is it reporting as being a problem?


Just a couple of things to fix and then we'll take a deeper look inside your system and make sure there isn't anything else lurking about.


»» Step 1 ««

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {AD5BD51E-8705-43AE-AB93-D78969CB254A} - No CLSID value found.
    O2 - BHO: (no name) - {fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - File not found
    O18 - Protocol\Handler\vfsp {E4CB5121-E242-11D4-8ED6-00010219EB22} - File not found
    [2004/08/04 04:00:00 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\cphqjcr.dll.bak
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.





»» Step 2 ««

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Driver::
    aocquvji

    NetSvc::
    aocquvji



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post C:\Combofix.txt in your next reply.




»» Step 3 ««

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply





»» Step 4 ««

Post Logs
Please post back with the following logs:
  • OTL log
  • C:\Combofix.txt
  • KasReport.txt
  • How your computer is running now
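
The Step 1 script above lists log entries whose registered target no longer resolves ("No CLSID value found." / "File not found"). The following Python is an added example, not part of the original post and not OTL's own code: it pulls such entries and any alternate data streams out of OTL text for review. The sample lines are copied from this thread; the function names and the O34 exception are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the OTL logs and fix script in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {AD5BD51E-8705-43AE-AB93-D78969CB254A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O18 - Protocol\Handler\vfsp {E4CB5121-E242-11D4-8ED6-00010219EB22} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^(O\d+) - .+$")
# Greedy path match backtracks to the last colon, so "C:" is not mistaken
# for the stream separator.
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

# Markers OTL prints when a registry entry points at nothing.
DANGLING = ("No CLSID value found.", "File not found")

# Assumption of this example: the default BootExecute value is a command
# string, not a path, so its "File not found" is expected. The Step 1 script
# in the thread does not list it either.
EXPECTED_DANGLING = (("O34", "(autocheck autochk *)"),)


@dataclass
class Entry:
    section: str            # e.g. "O2", "O18"
    clsid: Optional[str]    # upper-cased CLSID if the line carries one
    dangling: bool          # True when the line ends with a DANGLING marker
    raw: str                # the original log line


def parse_log(text: str) -> List[Entry]:
    """Parse the O-numbered registry lines of an OTL log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(line)
        entries.append(Entry(
            section=m.group(1),
            clsid=clsid.group(0).upper() if clsid else None,
            dangling=line.endswith(DANGLING),
            raw=line,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Dangling entries, minus the ones that are expected to look dangling."""
    return [
        e for e in entries
        if e.dangling and not any(
            e.section == sec and needle in e.raw
            for sec, needle in EXPECTED_DANGLING
        )
    ]


def alternate_streams(text: str) -> List[Tuple[int, str, str]]:
    """Return (size_in_bytes, host_path, stream_name) for each ADS line."""
    found = []
    for line in text.splitlines():
        m = ADS_RE.match(line.strip())
        if m:
            found.append((int(m.group(1)), m.group(2), m.group(3)))
    return found


def review_block(entries: List[Entry]) -> str:
    """Lay the orphaned lines out like the thread's Step 1 script, for a human to review."""
    return "\n".join([":OTL"] + [e.raw for e in orphaned(entries)])


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(review_block(parsed))
    for size, path, stream in alternate_streams(SAMPLE_LOG):
        print(f"ADS: {path} stream={stream} ({size} bytes)")
```
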


#10 Roorkie

  • Group: Member
  • Posts: 15
  • Joined: 23-January 10

Posted 31 January 2010 - 03:19 PM

Hi,

Not much success on these instructions. Steps 1 & 2 were successful, whereas Step 3 failed with an "uninterrupted connection" error. Please find the logs from Steps 1 & 2 and the error from Step 3.

>>>>>>>>>>>>>>>>>>>>>>>>Kaspersky Error<<<<<<<<<<<<<<<<<<<<<<<
Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program.


>>>>>>>>>>>>>>>>>>>>>>>>>OTL<<<<<<<<<<<<<<<<<<<
OTL logfile created on: 1/31/2010 2:36:58 PM - Run 3
OTL by OldTimer - Version 3.1.26.0 Folder = F:\Software\Geekstogo
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 60.93 Gb Free Space | 81.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 5.38 Gb Free Space | 72.01% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANLCD
Current User Name: san
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - F:\Software\Geekstogo\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\COMODO\Firewall\cfp.exe ()
PRC - C:\Program Files\COMODO\Firewall\cmdagent.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Lexmark 7500 Series\lxdlamon.exe ()
PRC - C:\WINDOWS\system32\lxdlcoms.exe ( )
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CRYPTOCard EUS\bin\eus.exe (Alexandria Software Consulting)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)


========== Modules (SafeList) ==========

MOD - F:\Software\Geekstogo\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll ()
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (cmdAgent) -- C:\Program Files\COMODO\Firewall\cmdagent.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (lxdl_device) -- C:\WINDOWS\System32\lxdlcoms.exe ( )
SRV - (lxdlCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdlserv.exe ()
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (OracleServiceORCL) -- c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleJobSchedulerORCL) -- c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ()
SRV - (OracleDBConsoleORCL) -- C:\oracle\product\10.2.0\db_1\BIN\nmesrvc.exe (Oracle Corporation)
SRV - (OracleOraDb10g_home1iSQL*Plus) -- C:\oracle\product\10.2.0\db_1\BIN\isqlplussvc.exe (Oracle)
SRV - (OracleOraDb10g_home1TNSListener) -- C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe ()
SRV - (cc-eus) -- C:\Program Files\CRYPTOCard EUS\bin\eus.exe (Alexandria Software Consulting)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost



O1 HOSTS File: ([2010/01/30 11:41:37 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BHOManager Class) - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll (Mercury Interactive Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {AD5BD51E-8705-43AE-AB93-D78969CB254A} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 7500 Series Fax Server] C:\Program Files\Lexmark 7500 Series\fm3032.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [lxdlamon] C:\Program Files\Lexmark 7500 Series\lxdlamon.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ALLVOI Softphone] C:\Program Files\ALLVOI Softphone\WDT.exe ()
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\san\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1213050334203 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1220285731921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\WINDOWS\system32\ShellHook.dll (Mercury Interactive Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/09 11:46:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 06:26:23 | 00,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/31 14:35:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\3E5562ED69AB4CEC91E264E18EC5ACC6.TMP
[2010/01/31 14:32:28 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/30 11:52:57 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/30 11:50:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/01/30 11:50:46 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/01/30 11:50:37 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/01/30 11:50:12 | 00,000,000 | ---D | C] -- C:\3a06f0c13f75db3b6b2588
[2010/01/30 11:38:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/30 11:29:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/30 11:29:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/30 11:29:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/30 11:29:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/30 11:25:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/25 03:21:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/01/23 07:58:15 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/23 07:58:15 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/23 07:58:15 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/23 07:58:15 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/23 07:58:10 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/23 07:58:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/23 07:45:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/01/23 07:20:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/23 07:20:55 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/23 07:17:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/23 07:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/23 06:35:10 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\san\Desktop\setup-spybotsd162.exe
[2010/01/23 04:53:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\san\My Documents\Downloads
[2010/01/22 08:04:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 07:52:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/13 12:15:39 | 00,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlhcp.dll
[2008/12/13 12:15:39 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlinpa.dll
[2008/12/13 12:15:39 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdliesc.dll
[2008/12/13 12:15:38 | 01,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlserv.dll
[2008/12/13 12:15:38 | 00,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlusb1.dll
[2008/12/13 12:15:38 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlpmui.dll
[2008/12/13 12:15:38 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlprox.dll
[2008/12/13 12:15:37 | 00,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdllmpm.dll
[2008/12/13 12:15:35 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlhbn3.dll
[2008/12/13 12:15:34 | 00,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcomc.dll
[2008/12/13 12:15:34 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcomm.dll
[2008/06/09 19:20:21 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2008/06/09 17:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/09 14:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2008/06/09 14:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2008/06/09 11:50:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/09 11:46:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/06/09 11:46:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[11 C:\Documents and Settings\san\My Documents\*.tmp files -> C:\Documents and Settings\san\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/31 14:38:32 | 00,578,746 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/31 14:38:32 | 00,482,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/31 14:38:32 | 00,085,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/31 14:36:10 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/01/31 14:34:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/31 14:33:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/31 14:33:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/31 14:32:48 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\san\NTUSER.DAT
[2010/01/31 14:32:48 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\san\ntuser.ini
[2010/01/31 13:57:00 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003UA.job
[2010/01/30 11:57:41 | 00,018,504 | ---- | M] () -- C:\Documents and Settings\san\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/30 11:55:56 | 00,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/30 11:41:51 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/30 11:41:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/27 18:28:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/01/24 19:57:00 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003Core.job
[2010/01/23 07:58:29 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/23 07:21:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 06:40:51 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\san\Desktop\setup-spybotsd162.exe
[2010/01/21 10:54:29 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\san\Desktop\company_profile[1].ppt
[2010/01/21 05:59:49 | 00,002,268 | ---- | M] () -- C:\Documents and Settings\san\Desktop\google chrome.lnk
[11 C:\Documents and Settings\san\My Documents\*.tmp files -> C:\Documents and Settings\san\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/30 11:29:23 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/30 11:29:23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/30 11:29:23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/30 11:29:23 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/30 11:29:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/27 18:20:03 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\san\Desktop\gmer.exe
[2010/01/27 17:59:48 | 00,000,254 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/01/23 07:58:28 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/23 07:21:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 10:52:14 | 00,062,976 | ---- | C] () -- C:\Documents and Settings\san\Desktop\company_profile[1].ppt
[2009/10/17 22:39:31 | 00,002,832 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AD5BD51E-8705-43AE-AB93-D78969CB254A.txt
[2009/10/17 12:12:17 | 00,003,668 | ---- | C] () -- C:\Documents and Settings\san\Local Settings\Application Data\AD5BD51E-8705-43AE-AB93-D78969CB254A.txt
[2009/07/04 18:36:21 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\san\Application Data\Smiley.ico
[2008/12/23 22:46:49 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\san\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/13 12:20:43 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdlvs.dll
[2008/12/13 12:20:40 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdlcoin.dll
[2008/12/13 12:19:50 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdldrs.dll
[2008/12/13 12:19:50 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdlcnv4.dll
[2008/12/13 12:19:50 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdlcaps.dll
[2008/12/13 12:18:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDLPMON.DLL
[2008/12/13 12:18:59 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDLFXPU.DLL
[2008/12/13 12:18:38 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdloem.dll
[2008/12/13 12:15:57 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdlrwrd.ini
[2008/12/13 12:15:40 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdlinst.dll
[2008/12/13 12:15:35 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdlgrd.dll
[2008/06/30 21:04:14 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008/06/30 21:04:14 | 00,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/30 21:04:12 | 00,201,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV302AV.SYS
[2008/06/30 21:03:43 | 00,000,252 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/06/19 17:54:31 | 00,000,064 | ---- | C] () -- C:\WINDOWS\mictable.INI
[2008/06/12 16:43:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\flight1b.INI
[2008/06/11 13:38:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\flight1a.INI
[2008/06/09 23:58:41 | 00,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/06/09 19:20:21 | 00,748,160 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
[2008/06/09 19:20:21 | 00,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[2008/06/09 19:20:21 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[2008/06/09 19:20:21 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[2008/06/09 19:15:25 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/06/09 19:15:25 | 00,007,108 | ---- | C] () -- C:\WINDOWS\wrun.ini
[2008/06/09 19:13:27 | 00,000,023 | ---- | C] () -- C:\WINDOWS\AQTProductInfo.INI
[2008/06/09 18:58:54 | 00,001,909 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2008/06/09 16:05:16 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/06/09 16:05:16 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/06/09 16:05:01 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/06/09 16:05:00 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/06/09 16:04:59 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/06/09 16:04:58 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/06/09 15:44:20 | 00,000,830 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/09 13:39:41 | 01,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/06/09 13:39:41 | 01,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/06/09 13:39:41 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/09 13:39:41 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/06/16 12:07:48 | 00,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2002/01/25 11:17:28 | 00,002,238 | ---- | C] () -- C:\Program Files\Common Files\Abbott.ico
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 12:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/12/13 12:18:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7500 Series
[2010/01/31 14:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/26 15:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2008/12/13 22:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\7500 Series
[2009/02/26 22:26:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\CiscoCAA
[2008/06/30 21:05:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\FotoWire
[2009/02/07 14:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\Globe7
[2008/06/09 17:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\Helios
[2008/11/30 23:58:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\ImgBurn
[2008/12/25 11:12:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\Lexmark Productivity Studio
[2009/02/10 19:12:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\OfficeUpdate12
[2009/06/22 20:29:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\uTorrent
[2009/06/20 09:24:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\webex
[2010/01/31 14:36:10 | 00,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
>>>>>>>>>>>>>>>>>>>>>>>>>>ComboFix<<<<<<<<<<<<<<<<<<<<<<<<
ComboFix 10-01-29.09 - san 01/31/2010 14:45:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1462 [GMT -6:00]
Running from: f:\software\Geekstogo\01272010\Fix2\ComboFix.exe
Command switches used :: f:\software\Geekstogo\01272010\Fix2\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AOCQUVJI


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-31 20:35 . 2010-01-31 20:36 -------- d-----w- c:\windows\3E5562ED69AB4CEC91E264E18EC5ACC6.TMP
2010-01-28 13:18 . 2010-01-28 13:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Helios
2010-01-28 00:19 . 2010-01-28 00:19 -------- d-----w- c:\documents and settings\rescue\Application Data\CyberLink
2010-01-28 00:08 . 2010-01-28 00:08 -------- d-----w- c:\documents and settings\rescue\Application Data\Yahoo!
2010-01-27 23:59 . 2009-03-11 04:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-01-27 23:59 . 2009-03-11 04:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-01-27 13:40 . 2010-01-27 13:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-27 13:39 . 2010-01-27 13:39 152576 ----a-w- c:\documents and settings\san\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-01-25 09:21 . 2010-01-27 23:59 -------- d-----w- c:\windows\system32\KB905474
2010-01-24 17:27 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-24 17:27 . 2009-05-21 18:46 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2010-01-24 17:25 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-24 17:25 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-24 17:24 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-01-24 17:24 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-01-24 17:24 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-01-24 17:24 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-01-24 17:24 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-01-24 17:24 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-01-24 17:24 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-24 17:24 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-24 17:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-24 17:22 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-24 17:13 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-24 17:13 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-23 22:23 . 2007-10-23 15:27 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2010-01-23 19:31 . 2010-01-23 19:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\jZip
2010-01-23 13:58 . 2009-11-25 17:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-23 13:58 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-23 13:58 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-23 13:58 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-23 13:58 . 2010-01-23 13:58 -------- d-----w- c:\program files\Avira
2010-01-23 13:58 . 2010-01-23 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-23 13:20 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 13:20 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 13:16 . 2010-01-23 13:16 -------- d-----w- c:\program files\ERUNT
2010-01-22 14:04 . 2010-01-23 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 13:52 . 2010-01-22 13:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-22 13:49 . 2008-05-02 16:41 3493888 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2010-01-22 13:49 . 2010-01-22 13:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-01-22 11:47 . 2010-01-22 11:47 -------- d-----w- c:\documents and settings\rescue\Local Settings\Application Data\Logitech-LS
2010-01-22 11:37 . 2010-01-22 11:37 -------- d-----w- c:\documents and settings\rescue\Application Data\Malwarebytes
2010-01-22 11:36 . 2010-01-22 11:36 -------- d-----w- c:\documents and settings\rescue\Application Data\7500 Series
2010-01-22 11:36 . 2010-01-22 11:36 -------- d-----w- c:\documents and settings\rescue\Application Data\Comodo
2010-01-22 11:36 . 2010-01-22 11:36 -------- d-----w- c:\documents and settings\rescue\Local Settings\Application Data\PowerDVD DX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 20:52 . 2009-07-05 00:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-30 17:57 . 2008-06-09 19:45 18504 ----a-w- c:\documents and settings\san\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-30 17:50 . 2010-01-30 17:50 -------- d-----w- c:\program files\MSBuild
2010-01-30 17:50 . 2010-01-30 17:50 -------- d-----w- c:\program files\Reference Assemblies
2010-01-27 13:39 . 2008-06-09 23:44 -------- d-----w- c:\program files\Java
2010-01-23 13:57 . 2008-06-10 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-23 12:35 . 2008-06-10 04:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-05 10:00 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2002-01-25 17:17 . 2002-01-25 17:17 2238 ----a-w- c:\program files\Common Files\Abbott.ico
.

((((((((((((((((((((((((((((( SnapShot@2010-01-30_17.41.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-31 20:50 . 2010-01-31 20:50 16384 c:\windows\temp\Perflib_Perfdata_538.dat
+ 2008-07-30 03:10 . 2008-07-30 03:10 26112 c:\windows\system32\TsWpfWrp.exe
- 2008-06-09 19:51 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2008-06-09 19:51 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2010-01-30 17:50 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2008-06-14 03:59 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2008-06-14 03:59 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2008-07-30 01:59 . 2008-07-30 01:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2004-08-04 10:00 . 2010-01-31 20:38 85212 c:\windows\system32\perfc009.dat
+ 2008-07-25 17:17 . 2008-07-25 17:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 83968 c:\windows\system32\mscories.dll
+ 2008-07-30 01:24 . 2008-07-30 01:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-30 01:24 . 2008-07-30 01:24 11264 c:\windows\system32\icardres.dll
+ 2008-07-30 03:10 . 2008-07-30 03:10 73720 c:\windows\system32\dxva2.dll
+ 2010-01-30 17:50 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 96760 c:\windows\system32\dfshim.dll
+ 2008-07-30 05:40 . 2008-07-30 05:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 05:40 . 2008-07-30 05:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 05:40 . 2008-07-30 05:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 05:40 . 2008-07-30 05:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 05:40 . 2008-07-30 05:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 05:40 . 2008-07-30 05:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 05:40 . 2008-07-30 05:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 05:40 . 2008-07-30 05:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 05:40 . 2008-07-30 05:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 03:10 . 2008-07-30 03:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-30 01:59 . 2008-07-30 01:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 03:10 . 2008-07-30 03:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-30 01:32 . 2008-07-30 01:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-30 01:16 . 2008-07-30 01:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-30 01:16 . 2008-07-30 01:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-30 01:16 . 2008-07-30 01:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-30 01:16 . 2008-07-30 01:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 17:17 . 2008-07-25 17:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 17:17 . 2008-07-25 17:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 17:17 . 2008-07-25 17:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 17:17 . 2008-07-25 17:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 17:16 . 2008-07-25 17:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 17:16 . 2008-07-25 17:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 17:16 . 2008-07-25 17:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 17:16 . 2008-07-25 17:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2007-04-13 08:21 . 2007-04-13 08:21 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 17:17 . 2008-07-25 17:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 17:17 . 2008-07-25 17:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 17:17 . 2008-07-25 17:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 10:59 . 2008-11-25 10:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 17:16 . 2008-07-25 17:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 17:16 . 2008-07-25 17:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 17:16 . 2008-07-25 17:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 17:16 . 2008-07-25 17:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 17:16 . 2008-07-25 17:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 17:17 . 2008-07-25 17:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 17:16 . 2008-07-25 17:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-30 03:07 . 2008-07-30 03:07 23040 c:\windows\Installer\92492.msp
+ 2010-01-30 17:49 . 2010-01-30 17:49 88576 c:\windows\Installer\4307b.msi
+ 2010-01-30 17:50 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2010-01-30 18:00 . 2010-01-30 18:00 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2010-01-30 17:58 . 2010-01-30 17:58 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2010-01-30 17:57 . 2010-01-30 17:57 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2010-01-30 18:20 . 2010-01-30 18:20 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2010-01-30 18:19 . 2010-01-30 18:19 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2010-01-30 17:50 . 2010-01-30 17:50 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-09-19 13:06 . 2008-09-19 13:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2010-01-30 17:54 . 2010-01-30 17:54 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2010-01-30 17:54 . 2010-01-30 17:54 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-01-30 17:54 . 2010-01-30 17:54 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2010-01-30 17:54 . 2010-01-30 17:54 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-09-19 13:07 . 2008-09-19 13:07 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-01-31 20:35 . 2010-01-31 20:35 110859 c:\windows\3E5562ED69AB4CEC91E264E18EC5ACC6.TMP\WiseCustomCalla50.dll
+ 2010-01-31 20:35 . 2010-01-31 20:35 110502 c:\windows\3E5562ED69AB4CEC91E264E18EC5ACC6.TMP\WiseCustomCalla44.dll
+ 2010-01-31 20:35 . 2010-01-31 20:35 111260 c:\windows\3E5562ED69AB4CEC91E264E18EC5ACC6.TMP\WiseCustomCalla43.dll
+ 2010-01-31 20:35 . 2010-01-31 20:35 111476 c:\windows\3E5562ED69AB4CEC91E264E18EC5ACC6.TMP\WiseCustomCalla41.exe
+ 2010-01-30 17:50 . 2008-07-06 12:06 1676288 c:\windows\system32\xpssvcs.dll
+ 2010-01-30 17:50 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2010-01-30 17:50 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2010-01-30 17:50 . 2008-07-06 23:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2010-01-30 17:50 . 2008-07-06 23:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2010-01-30 17:50 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2010-01-30 17:50 . 2008-07-06 12:06 1676288 c:\windows\system32\dllcache\xpssvcs.dll
+ 2008-07-30 05:40 . 2008-07-30 05:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-30 00:47 . 2008-07-30 00:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-30 00:47 . 2008-07-30 00:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 05:40 . 2008-07-30 05:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-06 01:35 . 2008-12-06 01:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-30 03:10 . 2008-07-30 03:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-30 03:10 . 2008-07-30 03:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-06 02:12 . 2008-12-06 02:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 10:59 . 2008-11-25 10:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 10:59 . 2008-11-25 10:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 17:17 . 2008-07-25 17:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-11-25 10:59 . 2008-11-25 10:59 5813576 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-11-25 10:59 . 2008-11-25 10:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 17:16 . 2008-07-25 17:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2008-12-13 15:57 . 2008-12-13 15:57 8397824 c:\windows\Installer\9fc0c.msp
+ 2008-07-30 01:26 . 2008-07-30 01:26 1043456 c:\windows\Installer\9249a.msp
+ 2008-07-30 02:37 . 2008-07-30 02:37 2679808 c:\windows\Installer\92498.msp
+ 2008-07-30 03:15 . 2008-07-30 03:15 3697664 c:\windows\Installer\92496.msp
+ 2008-07-30 01:34 . 2008-07-30 01:34 1448448 c:\windows\Installer\92495.msp
+ 2008-07-30 02:22 . 2008-07-30 02:22 4137984 c:\windows\Installer\92494.msp
+ 2008-07-30 01:18 . 2008-07-30 01:18 3376640 c:\windows\Installer\92493.msp
+ 2008-07-29 23:45 . 2008-07-29 23:45 2543616 c:\windows\Installer\43084.msp
+ 2008-07-29 23:29 . 2008-07-29 23:29 2926080 c:\windows\Installer\43083.msp
+ 2008-07-29 23:41 . 2008-07-29 23:41 6487040 c:\windows\Installer\43082.msp
+ 2008-07-29 23:39 . 2008-07-29 23:39 3403264 c:\windows\Installer\43081.msp
+ 2008-07-29 23:43 . 2008-07-29 23:43 1013248 c:\windows\Installer\4307f.msp
+ 2008-07-29 23:31 . 2008-07-29 23:31 6083072 c:\windows\Installer\4307c.msp
+ 2010-01-30 17:58 . 2010-01-30 17:58 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2010-01-30 18:00 . 2010-01-30 18:00 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2010-01-30 17:57 . 2010-01-30 17:57 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2010-01-30 18:00 . 2010-01-30 18:00 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2010-01-30 18:00 . 2010-01-30 18:00 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2010-01-30 18:18 . 2010-01-30 18:18 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2010-01-30 17:59 . 2010-01-30 17:59 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2010-01-30 18:18 . 2010-01-30 18:18 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2010-01-30 17:59 . 2010-01-30 17:59 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2010-01-30 18:20 . 2010-01-30 18:20 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2010-01-30 18:20 . 2010-01-30 18:20 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2010-01-30 17:59 . 2010-01-30 17:59 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2010-01-30 18:20 . 2010-01-30 18:20 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2010-01-30 17:59 . 2010-01-30 17:59 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2010-01-30 18:20 . 2010-01-30 18:20 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2010-01-30 17:59 . 2010-01-30 17:59 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2010-01-30 17:59 . 2010-01-30 17:59 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2010-01-30 17:59 . 2010-01-30 17:59 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2010-01-30 17:57 . 2010-01-30 17:57 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2010-01-30 18:20 . 2010-01-30 18:20 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-01-30 17:54 . 2010-01-30 17:54 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-01-30 17:54 . 2010-01-30 17:54 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-01-30 17:51 . 2010-01-30 17:51 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2010-01-30 17:54 . 2010-01-30 17:54 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-01-30 17:50 . 2010-01-30 17:50 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-01-30 17:53 . 2010-01-30 17:53 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-12-13 16:21 . 2008-12-13 16:21 10473472 c:\windows\Installer\9fc16.msp
+ 2010-01-30 18:00 . 2010-01-30 18:00 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2010-01-30 18:21 . 2010-01-30 18:21 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2010-01-30 18:19 . 2010-01-30 18:19 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2010-01-30 17:59 . 2010-01-30 17:59 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2010-01-30 17:58 . 2010-01-30 17:58 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2010-01-30 17:58 . 2010-01-30 17:58 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2010-01-30 17:54 . 2010-01-30 17:54 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLVOI Softphone"="c:\program files\ALLVOI Softphone\WDT" [X]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-09 4363504]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 3644464]
"Google Update"="c:\documents and settings\san\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-01 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2010-01-22 2836376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-09 185896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-29 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-29 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-29 137752]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-27 149280]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-06-10 1655552]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"lxdlamon"="c:\program files\Lexmark 7500 Series\lxdlamon.exe" [2007-06-01 20480]
"Lexmark 7500 Series Fax Server"="c:\program files\Lexmark 7500 Series\fm3032.exe" [2007-06-11 308144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-6-30 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
VPN Client.lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2008-6-11 6144]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\lxdlcoms.exe"=
"c:\\Program Files\\Lexmark 7500 Series\\lxdlmon.exe"=
"c:\\WINDOWS\\system32\\lxdlcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdlpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdltime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdljswx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\ALLVOI Softphone\\WDT.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/9/2008 11:58 PM 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/9/2008 11:58 PM 24208]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/23/2010 7:58 AM 108289]
R2 cc-eus;CRYPTOCard EUS;c:\program files\CRYPTOCard EUS\bin\eus.exe [1/24/2005 6:40 AM 65536]
R2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe -service --> c:\windows\system32\lxdlcoms.exe -service [?]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [6/9/2008 7:05 PM 5536]
S1 GLB84.tmp;GLB84.tmp;\??\c:\windows\system32\drivers\HarddiskVolume1\Documents and Settings\san\Local Settings\Temp\GLB84.tmp.sys --> c:\windows\system32\drivers\HarddiskVolume1\Documents and Settings\san\Local Settings\Temp\GLB84.tmp.sys [?]
S2 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdlserv.exe [12/13/2008 12:20 PM 99248]
S3 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR --> c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR [?]
S3 OracleServiceORCL;OracleServiceORCL;c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL --> c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL [?]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ORCL --> c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ORCL [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003Core.job
- c:\documents and settings\san\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-01 22:07]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003UA.job
- c:\documents and settings\san\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-01 22:07]

2010-01-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-27 04:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -

BHO-{AD5BD51E-8705-43AE-AB93-D78969CB254A} - (no file)
BHO-{fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 14:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Messenger (Yahoo!) = "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet??g

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(196)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdlcoms.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\msiexec.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-01-31 14:55:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-31 20:55

Pre-Run: 65,379,700,736 bytes free
Post-Run: 65,319,972,864 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AD688F32C9DF07634A8770B7E5ED746D

>>>>>>>>>>>>>>>>>>>>>>>>Kaspersky Error<<<<<<<<<<<<<<<<<<<<<<<
Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program.


Roorkie.

#11 Roorkie

  • Group: Member
  • Posts: 15
  • Joined: 23-January 10

Posted 31 January 2010 - 05:37 PM

Hi,
I was able to enable JAVA updates and Kaspersky scan went through successfully. Here is the report.
Roorkie

>>>>>>>>>>>Kaspersky Report<<<<<<<<<<<<<<<<<<
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, January 31, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 31, 2010 21:55:42
Records in database: 3392986
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 74300
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:25:32

No threats found. Scanned area is clean.

Selected area has been scanned.

#12 Mjöllnir

  • Group: Retired Staff
  • Posts: 1,207
  • Joined: 01-August 09

Posted 01 February 2010 - 02:23 PM

Hello.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {AD5BD51E-8705-43AE-AB93-D78969CB254A} - No CLSID value found.
    O2 - BHO: (no name) - {fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2} - No CLSID value found.
    
    :Services
    GLB84.tmp
    
    :Reg
    
    :Files
    c:\windows\system32\drivers\HarddiskVolume1\Documents and Settings\san\Local Settings\Temp\GLB84.tmp.sys
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [CLEARALLRESTOREPOINTS]
    [CREATERESTOREPOINT]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.






Your log is clean! :)


It is great to see that you have your computer protected with Comodo, Avira, and SpyBot!


Now that we've finished cleaning your computer, please follow these last sets of instructions and then you'll be ready to go.




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 18.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")




»»» Cleanup «««

Remove ComboFix
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the run dialog box and click OK




Remove Other Tools

  • Open OTL to run it. (Vista users, please right click on OTL and select "Run as administrator")
  • Click on the CleanUp button
  • Click Yes to begin the cleanup process and remove our tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes




Clean Temporary Files
  • Download TFC to your desktop
  • Open the file and close any other windows
  • It will close all programs itself when run - make sure to let it run uninterrupted
  • Click the Start button to begin the process - the program should not take long to finish its job
  • Once it is finished, it should reboot your machine; if not, do this yourself to ensure the cleaning process completes



++++++++++++++++++++++++++++++++++++


Below are links to several programs that will help protect your computer.

Anti-Spyware
I recommend downloading and installing all of the following applications.
  • SpywareBlaster keeps spyware from installing on your system - read the tutorial here
  • SUPERAntiSpyware Free Edition detects and removes spyware, adware, malware, trojans, rogue software, worms, rootkits, parasites and other potentially harmful software applications - read the tutorial here



++++++++++++++++++++++++++++++++++++


Other things to keep in mind.

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.


Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.


Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there! :)
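The fix in the post above targets BHO entries that the log reports as "No CLSID value found." and then asks for a follow-up log. The following is an added example, not part of the original post and not OTL's own code, that picks such entries out of a log and checks whether a later log still lists them. The function names are hypothetical, the first sample reuses lines in the form they appear in this thread, and the follow-up sample is constructed.

```python
import re

# O2 line format as it appears in the OTL logs in this thread:
#   O2 - BHO: (<name>) - {<CLSID>} - <dll path> (<company>)
#   O2 - BHO: (no name) - {<CLSID>} - No CLSID value found.
O2_RE = re.compile(
    r"^O2 - BHO: \((?P<name>.*)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
ORPHAN_MARKER = "No CLSID value found."


def parse_bho_lines(log_text):
    """Return one dict per 'O2 - BHO' line: name, clsid, target, orphan flag."""
    entries = []
    for raw in log_text.splitlines():
        m = O2_RE.match(raw.strip())  # tolerate indentation from forum pastes
        if not m:
            continue
        target = m.group("target").strip()
        entries.append({
            "name": m.group("name"),
            # The logs mix upper- and lower-case hex; normalise before comparing.
            "clsid": m.group("clsid").upper(),
            "target": target,
            "orphan": target == ORPHAN_MARKER,
        })
    return entries


def orphan_clsids(log_text):
    """CLSIDs of BHO entries whose registration points at nothing."""
    return [e["clsid"] for e in parse_bho_lines(log_text) if e["orphan"]]


def still_present(targeted_clsids, followup_log_text):
    """CLSIDs named in a fix that a later log still lists as BHO entries."""
    listed = {e["clsid"] for e in parse_bho_lines(followup_log_text)}
    return [c for c in (t.upper() for t in targeted_clsids) if c in listed]


# Lines in the form shown in this thread's OTL log.
BEFORE_LOG = r"""
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {AD5BD51E-8705-43AE-AB93-D78969CB254A} - No CLSID value found.
O2 - BHO: (no name) - {fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
"""

# Constructed follow-up log: one targeted entry remains, in different letter case.
AFTER_LOG = r"""
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {FA0D4B21-D7C2-4E2D-AB9E-50EDAF170BD2} - No CLSID value found.
"""

if __name__ == "__main__":
    targets = orphan_clsids(BEFORE_LOG)
    print("orphaned BHO registrations:", targets)
    print("still listed after the fix:", still_present(targets, AFTER_LOG))
```
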

#13 Roorkie

  • Group: Member
  • Posts: 15
  • Joined: 23-January 10

Posted 01 February 2010 - 07:47 PM

Hi,
This is the report log.

OTL logfile created on: 2/1/2010 5:55:03 PM - Run 4
OTL by OldTimer - Version 3.1.26.0 Folder = F:\Software\Geekstogo
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 61.22 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 5.39 Gb Free Space | 72.06% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANLCD
Current User Name: san
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - F:\Software\Geekstogo\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\COMODO\Firewall\cfp.exe ()
PRC - C:\Program Files\COMODO\Firewall\cmdagent.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Lexmark 7500 Series\lxdlamon.exe ()
PRC - C:\WINDOWS\system32\lxdlcoms.exe ( )
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CRYPTOCard EUS\bin\eus.exe (Alexandria Software Consulting)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)


========== Modules (SafeList) ==========

MOD - F:\Software\Geekstogo\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll ()
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (cmdAgent) -- C:\Program Files\COMODO\Firewall\cmdagent.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (lxdl_device) -- C:\WINDOWS\System32\lxdlcoms.exe ( )
SRV - (lxdlCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdlserv.exe ()
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (OracleServiceORCL) -- c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleJobSchedulerORCL) -- c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ()
SRV - (OracleDBConsoleORCL) -- C:\oracle\product\10.2.0\db_1\BIN\nmesrvc.exe (Oracle Corporation)
SRV - (OracleOraDb10g_home1iSQL*Plus) -- C:\oracle\product\10.2.0\db_1\BIN\isqlplussvc.exe (Oracle)
SRV - (OracleOraDb10g_home1TNSListener) -- C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe ()
SRV - (cc-eus) -- C:\Program Files\CRYPTOCard EUS\bin\eus.exe (Alexandria Software Consulting)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost



O1 HOSTS File: ([2010/01/31 14:50:51 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BHOManager Class) - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll (Mercury Interactive Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {AD5BD51E-8705-43AE-AB93-D78969CB254A} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {fa0d4b21-d7c2-4e2d-ab9e-50edaf170bd2} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 7500 Series Fax Server] C:\Program Files\Lexmark 7500 Series\fm3032.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [lxdlamon] C:\Program Files\Lexmark 7500 Series\lxdlamon.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ALLVOI Softphone] C:\Program Files\ALLVOI Softphone\WDT.exe ()
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\san\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1213050334203 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1220285731921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\WINDOWS\system32\ShellHook.dll (Mercury Interactive Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/09 11:46:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 06:26:23 | 00,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/01 17:56:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\san\Local Settings\Application Data\PCHealth
[2010/02/01 17:52:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\3E5562ED69AB4CEC91E264E18EC5ACC6.TMP
[2010/02/01 17:43:40 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/31 14:44:10 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/30 11:50:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/01/30 11:50:46 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/01/30 11:50:37 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/01/30 11:50:12 | 00,000,000 | ---D | C] -- C:\3a06f0c13f75db3b6b2588
[2010/01/30 11:38:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/30 11:29:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/30 11:29:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/30 11:29:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/30 11:29:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/30 11:25:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/25 03:21:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/01/23 07:58:15 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/23 07:58:15 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/23 07:58:15 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/23 07:58:15 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/23 07:58:10 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/23 07:58:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/23 07:45:59 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/01/23 07:20:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/23 07:20:55 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/23 07:17:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/23 07:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/23 06:35:10 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\san\Desktop\setup-spybotsd162.exe
[2010/01/23 04:53:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\san\My Documents\Downloads
[2010/01/22 08:04:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 07:52:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/13 12:15:39 | 00,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlhcp.dll
[2008/12/13 12:15:39 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlinpa.dll
[2008/12/13 12:15:39 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdliesc.dll
[2008/12/13 12:15:38 | 01,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlserv.dll
[2008/12/13 12:15:38 | 00,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlusb1.dll
[2008/12/13 12:15:38 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlpmui.dll
[2008/12/13 12:15:38 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlprox.dll
[2008/12/13 12:15:37 | 00,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdllmpm.dll
[2008/12/13 12:15:35 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlhbn3.dll
[2008/12/13 12:15:34 | 00,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcomc.dll
[2008/12/13 12:15:34 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcomm.dll
[2008/06/09 19:20:21 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2008/06/09 17:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/09 14:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2008/06/09 14:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2008/06/09 11:50:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/09 11:46:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/06/09 11:46:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[11 C:\Documents and Settings\san\My Documents\*.tmp files -> C:\Documents and Settings\san\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/01 17:58:19 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003UA.job
[2010/02/01 17:58:02 | 00,002,268 | ---- | M] () -- C:\Documents and Settings\san\Desktop\google chrome.lnk
[2010/02/01 17:53:23 | 00,578,746 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/01 17:53:23 | 00,482,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/01 17:53:23 | 00,085,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/01 17:46:46 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/02/01 17:45:49 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/01 17:45:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 17:45:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/01 17:44:23 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\san\NTUSER.DAT
[2010/02/01 17:44:23 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\san\ntuser.ini
[2010/02/01 16:39:04 | 00,203,342 | ---- | M] () -- C:\Documents and Settings\san\Desktop\USACI0194710SA770427.pdf
[2010/01/31 19:57:00 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-884357618-725345543-1003Core.job
[2010/01/31 14:51:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/31 14:50:51 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/31 14:44:15 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/30 11:57:41 | 00,018,504 | ---- | M] () -- C:\Documents and Settings\san\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/30 11:55:56 | 00,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/27 18:28:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/01/27 17:59:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/23 07:58:29 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/23 07:21:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 06:40:51 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\san\Desktop\setup-spybotsd162.exe
[2010/01/21 10:54:29 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\san\Desktop\company_profile[1].ppt
[11 C:\Documents and Settings\san\My Documents\*.tmp files -> C:\Documents and Settings\san\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/01 16:39:04 | 00,203,342 | ---- | C] () -- C:\Documents and Settings\san\Desktop\USACI0194710SA770427.pdf
[2010/01/31 14:44:15 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/31 14:44:11 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/30 11:29:23 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/30 11:29:23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/30 11:29:23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/30 11:29:23 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/30 11:29:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/27 18:20:03 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\san\Desktop\gmer.exe
[2010/01/27 17:59:48 | 00,000,254 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/01/23 07:58:28 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/23 07:21:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 10:52:14 | 00,062,976 | ---- | C] () -- C:\Documents and Settings\san\Desktop\company_profile[1].ppt
[2009/10/17 22:39:31 | 00,002,832 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AD5BD51E-8705-43AE-AB93-D78969CB254A.txt
[2009/10/17 12:12:17 | 00,003,668 | ---- | C] () -- C:\Documents and Settings\san\Local Settings\Application Data\AD5BD51E-8705-43AE-AB93-D78969CB254A.txt
[2009/07/04 18:36:21 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\san\Application Data\Smiley.ico
[2008/12/23 22:46:49 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\san\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/13 12:20:43 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdlvs.dll
[2008/12/13 12:20:40 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdlcoin.dll
[2008/12/13 12:19:50 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdldrs.dll
[2008/12/13 12:19:50 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdlcnv4.dll
[2008/12/13 12:19:50 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdlcaps.dll
[2008/12/13 12:18:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDLPMON.DLL
[2008/12/13 12:18:59 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDLFXPU.DLL
[2008/12/13 12:18:38 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdloem.dll
[2008/12/13 12:15:57 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdlrwrd.ini
[2008/12/13 12:15:40 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdlinst.dll
[2008/12/13 12:15:35 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdlgrd.dll
[2008/06/30 21:04:14 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008/06/30 21:04:14 | 00,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/30 21:04:12 | 00,201,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV302AV.SYS
[2008/06/30 21:03:43 | 00,000,252 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/06/19 17:54:31 | 00,000,064 | ---- | C] () -- C:\WINDOWS\mictable.INI
[2008/06/12 16:43:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\flight1b.INI
[2008/06/11 13:38:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\flight1a.INI
[2008/06/09 23:58:41 | 00,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/06/09 19:20:21 | 00,748,160 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
[2008/06/09 19:20:21 | 00,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[2008/06/09 19:20:21 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[2008/06/09 19:20:21 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[2008/06/09 19:15:25 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/06/09 19:15:25 | 00,007,108 | ---- | C] () -- C:\WINDOWS\wrun.ini
[2008/06/09 19:13:27 | 00,000,023 | ---- | C] () -- C:\WINDOWS\AQTProductInfo.INI
[2008/06/09 18:58:54 | 00,001,909 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2008/06/09 16:05:16 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/06/09 16:05:16 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/06/09 16:05:01 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/06/09 16:05:00 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/06/09 16:04:59 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/06/09 16:04:58 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/06/09 15:44:20 | 00,000,830 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/09 13:39:41 | 01,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/06/09 13:39:41 | 01,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/06/09 13:39:41 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/09 13:39:41 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/06/16 12:07:48 | 00,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2002/01/25 11:17:28 | 00,002,238 | ---- | C] () -- C:\Program Files\Common Files\Abbott.ico
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 12:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/12/13 12:18:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7500 Series
[2010/02/01 17:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/26 15:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2008/12/13 22:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\7500 Series
[2009/02/26 22:26:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\CiscoCAA
[2008/06/30 21:05:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\FotoWire
[2009/02/07 14:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\Globe7
[2008/06/09 17:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\Helios
[2008/11/30 23:58:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\ImgBurn
[2008/12/25 11:12:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\Lexmark Productivity Studio
[2009/02/10 19:12:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\OfficeUpdate12
[2009/06/22 20:29:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\uTorrent
[2009/06/20 09:24:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\san\Application Data\webex
[2010/02/01 17:46:46 | 00,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Roorkie.

#14 Mjöllnir

  • Group: Retired Staff
  • Posts: 1,207
  • Joined: 01-August 09

Posted 01 February 2010 - 11:22 PM

Roorkie,

You're good to go. You might take the time to review the bottom portion of my last post to better your chances against the malware that is out there today.

Good luck! :)

#15 Roorkie

  • Group: Member
  • Posts: 15
  • Joined: 23-January 10

Posted 02 February 2010 - 07:38 AM

Thanks to Mjöllnir, and this forum is wonderful. You are doing a great job.
Roorkie
