
Possible Virtumonde Infestation [RESOLVED]


  • This topic is locked

#16
Cthulhu111

  • Topic Starter
  • Member
  • 27 posts
Kaspersky Part IV:
C:\temp\Mozilla\Profiles\lordvader\2lkswxbo.slt\Mail\pop-server.cfl.rr.com\Inbox Mail Berkeley mbox: infected - 20 skipped
C:\temp\Mozilla\Profiles\ltorres1\29evwjiw.slt\Mail\pop-server.cfl.rr.com\Inbox Mail Berkeley mbox: infected - 14 skipped
C:\temp\Mozilla\Profiles\ltorres1\29evwjiw.slt\Mail\pop3-server.cfl.rr.com\Inbox Mail Berkeley mbox: suspicious - 6 skipped
C:\VundoFix Backups\ssttq.exe.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

Scan process completed.


#17
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please run OTMoveIt by OldTimer again.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\BS435.exe
    C:\BSINSTALL.exe
    C:\kf141.zip
    C:\OiUninstaller.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note: If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



Also post a new DSS log and tell me if you are still having Internet connection problems.

#18
Cthulhu111

  • Topic Starter
  • Member
  • 27 posts
Still only able to connect to Internet from Safe Mode.

OTMoveIt Results:
C:\BS435.exe moved successfully.
C:\BSINSTALL.exe moved successfully.
C:\kf141.zip moved successfully.
C:\OiUninstaller.exe moved successfully.

Created on 12/25/2007 19:41:29

Latest DSS log:
Deckard's System Scanner v20071014.68
Run by J&L Torres on 2007-12-25 19:41:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as J&L Torres.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:42:19 PM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\J&L Torres\Desktop\dss.exe
C:\PROGRA~1\HIJACK~2\J&LTOR~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: TDK Launcher.lnk = C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


-- Files created between 2007-11-25 and 2007-12-25 -----------------------------

2007-12-25 10:29:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-25 10:29:54 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-24 18:45:49 791393 --a------ C:\erunt-setup.exe <Not Verified; Lars Hederer; >
2007-12-23 20:25:13 251392 --a------ C:\hijackthis_sfx.exe
2007-12-23 19:21:48 0 d-------- C:\Documents and Settings\J&L Torres\Application Data\AVG7
2007-12-23 19:21:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-23 19:21:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-23 19:05:10 0 d-------- C:\HiJack This
2007-12-23 19:01:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-12-23 17:55:14 0 d-------- C:\VundoFix Backups
2007-12-23 17:40:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-23 16:52:44 0 d--hs---- C:\WINDOWS\CSC
2007-12-23 15:14:15 606240 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-23 15:09:05 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-23 13:45:09 90112 --a------ C:\WINDOWS\system32\RegDACL.exe <Not Verified; Frank Heyne Software; RegTools>
2007-12-23 13:45:09 4096 --a------ C:\WINDOWS\system32\reboot.exe
2007-12-23 13:45:09 53248 --a------ C:\WINDOWS\system32\process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-23 13:45:09 347 --a------ C:\run2.reg
2007-12-23 13:45:09 8925 --a------ C:\clean.bat
2007-12-23 13:44:18 0 d--h----- C:\WINDOWS\PIF
2007-12-23 08:36:17 348160 --a------ C:\WINDOWS\system32\hphmon04 .exe <Not Verified; Hewlett-Packard; hp photosmart>
2007-12-23 08:36:07 155648 --a------ C:\WINDOWS\system32\NeroCheck .exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-12-23 00:25:11 0 dr-h----- C:\Documents and Settings\J&L Torres\Recent
2007-12-15 06:50:54 0 d-------- C:\Documents and Settings\J&L Torres\Application Data\Snapfish


-- Find3M Report ---------------------------------------------------------------

2007-12-25 07:44:24 0 d-------- C:\Program Files\Java
2007-12-24 06:57:40 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-12-23 20:27:01 0 d-------- C:\Program Files\Hijack This
2007-12-23 17:48:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-23 15:11:06 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-12-23 14:29:46 0 d-------- C:\Program Files\Common Files
2007-12-23 14:24:50 0 d-------- C:\Program Files\Hewlett-Packard
2007-12-23 14:23:03 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-12-23 14:22:48 0 d-------- C:\Program Files\The Learning Company
2007-12-23 12:52:18 0 d-------- C:\Program Files\QuickTime
2007-12-23 00:25:35 0 d-------- C:\Program Files\Steam
2007-12-22 01:16:15 0 d-------- C:\Documents and Settings\J&L Torres\Application Data\Adobe
2007-12-15 06:50:53 35821 --a------ C:\WINDOWS\mozver.dat
2007-11-15 12:55:52 0 d-------- C:\Documents and Settings\J&L Torres\Application Data\Roxio


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [11/08/2002 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/23/2007 07:21 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" []

C:\Documents and Settings\J&L Torres\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]
TDK Launcher.lnk - C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe [12/31/2003 11:07:30 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/15/2003 12:00:28 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 10.lnk
backup=C:\WINDOWS\pss\CorelCENTRAL 10.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk
backup=C:\WINDOWS\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 10.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 10.lnk
backup=C:\WINDOWS\pss\Desktop Application Director 10.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=C:\WINDOWS\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^J&L Torres^Start Menu^Programs^Startup^Registration-Studio 8.lnk]
path=C:\Documents and Settings\J&L Torres\Start Menu\Programs\Startup\Registration-Studio 8.lnk
backup=C:\WINDOWS\pss\Registration-Studio 8.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
"C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
C:\PROGRA~1\WEATHE~1\Weather.exe /q




-- End of Deckard's System Scanner: finished at 2007-12-25 19:43:02 ------------

#19
Rorschach112

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.


Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.




1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

#20
Cthulhu111

How long should SDFix take to run?

I had rebooted into Safe Mode, but this time w/ no networking. Started SDFix (RunThis.cmd), and a window popped up. Typed 'y' and hit enter. Said it was going to start looking for stuff. Then, the Safe Mode desktop went blank, wiping away all icons and the taskbar without rebooting. I waited about 15 minutes, and nothing was going on. I was able to Ctrl-Alt-Del to get the Task Manager up to shut down, as I had to leave for work.

Did I just not wait long enough, and SDFix takes a couple of hours like some of the other cleaning steps you've had me try?

Thanks

#21
Rorschach112

SDFix shouldn't take long to run.

Try it one more time, and if it stays like before after 15 minutes then just continue on with the ComboFix step.

#22
Cthulhu111

SDFix apparently still won't run.

Fixed the one item in HJT.

Ran Combofix. The file created at the end was "log.txt":

ComboFix Log Part 1:

ComboFix 07-12-26.4 - J&L Torres 2007-12-26 18:32:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.213 [GMT -5:00]
Running from: C:\Documents and Settings\J&L Torres\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.

2007-12-26 06:35 . 2007-12-26 06:35 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-26 06:30 . 2007-12-26 06:30 1,216,185 --a------ C:\SDFix.exe
2007-12-25 13:33 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-12-25 10:29 . 2007-12-25 10:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-25 10:29 . 2007-12-25 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-24 18:45 . 2007-12-24 18:45 791,393 --a------ C:\erunt-setup.exe
2007-12-24 17:48 . 2007-12-24 17:48 <DIR> d-------- C:\Deckard
2007-12-23 20:25 . 2007-12-23 20:25 251,392 --a------ C:\hijackthis_sfx.exe
2007-12-23 19:21 . 2007-12-23 19:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-23 19:21 . 2007-12-26 18:20 <DIR> d-------- C:\Documents and Settings\J&L Torres\Application Data\AVG7
2007-12-23 19:21 . 2007-12-23 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-23 19:05 . 2007-12-23 20:18 <DIR> d-------- C:\HiJack This
2007-12-23 17:55 . 2007-12-23 18:25 <DIR> d-------- C:\VundoFix Backups
2007-12-23 17:40 . 2007-12-23 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-23 16:17 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-23 15:14 . 2007-12-26 18:41 811,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-23 15:14 . 2007-12-26 06:56 8,540 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-23 14:32 . 2007-12-23 14:41 31,768,752 --a------ C:\avg75free_503a1205.exe
2007-12-23 14:31 . 2007-12-23 14:52 206,584 --a------ C:\zaSetup_en.exe
2007-12-23 13:45 . 2001-05-25 06:01 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-12-23 13:45 . 2005-01-13 20:41 53,248 --a------ C:\WINDOWS\system32\process.exe
2007-12-23 13:45 . 2007-10-11 14:42 8,925 --a------ C:\clean.bat
2007-12-23 13:45 . 2004-07-22 12:15 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-12-23 13:45 . 2007-10-11 08:55 347 --a------ C:\run2.reg
2007-12-23 13:44 . 2007-12-23 13:44 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-23 08:36 . 2007-12-23 08:36 348,160 --a------ C:\WINDOWS\system32\hphmon04 .exe
2007-12-23 08:36 . 2007-12-23 08:36 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-23 08:36 . 2007-12-23 08:36 118,784 --a------ C:\WINDOWS\MXOALDR .EXE
2007-12-15 10:21 . 2007-12-15 10:21 103,060 --a------ C:\smoking.jpg
2007-12-15 10:20 . 2007-12-15 10:20 84,642 --a------ C:\ohhi.jpg
2007-12-15 10:18 . 2007-12-15 10:18 78,196 --a------ C:\babies.jpg
2007-12-15 10:17 . 2007-12-15 10:17 123,995 --a------ C:\clowncar.jpg
2007-12-15 10:14 . 2007-12-15 10:14 85,111 --a------ C:\irony.jpg
2007-12-15 06:50 . 2007-12-15 06:50 <DIR> d-------- C:\Documents and Settings\J&L Torres\Application Data\Snapfish
2007-12-07 07:05 . 2007-12-07 07:05 32,381 --a------ C:\funny-pictures-bored-cat.jpg
2007-12-06 07:12 . 2007-12-06 07:12 38,457 --a------ C:\cute-pictures-rainbow-poop.jpg
2007-11-27 16:22 . 2007-12-20 23:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-27 16:22 . 2007-11-27 16:22 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 12:44 --------- d-----w C:\Program Files\Java
2007-12-25 11:43 423,736 ----a-w C:\avgarkt-setup-1.1.0.42.exe
2007-12-24 11:57 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-24 01:27 --------- d-----w C:\Program Files\Hijack This
2007-12-23 22:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 19:24 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-23 19:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-23 19:22 --------- d-----w C:\Program Files\The Learning Company
2007-12-23 17:52 --------- d-----w C:\Program Files\QuickTime
2007-12-23 05:25 --------- d-----w C:\Program Files\Steam
2007-11-24 13:51 5,907,548 ----a-w C:\crayon.zip
2007-11-15 17:55 --------- d-----w C:\Documents and Settings\J&L Torres\Application Data\Roxio
2007-11-14 21:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 21:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-05-10 20:35 43,590 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_10_05_57_52_small.dmp.zip
2006-05-10 20:35 41,061 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_10_05_57_40_small.dmp.zip
2006-04-04 10:07 48,607 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_04_04_05_53_54_small.dmp.zip
2006-04-04 10:07 13,042,892 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_04_04_05_54_19_full.dmp.zip
2005-10-21 09:15 46,414 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_20_05_16_07_small.dmp.zip
2005-10-21 09:15 42,468 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_20_05_15_59_small.dmp.zip
2005-10-18 10:22 47,745 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_18_05_52_54_small.dmp.zip
2005-10-18 10:22 46,073 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_18_05_53_10_small.dmp.zip
2005-10-11 09:16 44,492 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_11_05_06_27_small.dmp.zip
2005-10-11 09:16 40,500 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_11_05_06_09_small.dmp.zip
2005-05-12 03:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-08-07 03:48 5,488 ----a-w C:\Documents and Settings\J&L Torres\Application Data\mpauth.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-23_19.58.36.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-17 11:25:21 549,888 ----a-w C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll
+ 2007-06-26 06:06:12 1,104,896 ----a-w C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
+ 2007-04-23 10:14:23 364,160 ----a-w C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
+ 2007-07-06 09:52:38 72,960 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:08:11 138,240 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:08:11 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:08:11 16,896 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:08:11 660,992 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:08:11 177,152 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:08:11 95,744 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:08:11 48,640 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:08:11 471,552 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-06-26 15:16:01 851,968 ----a-w C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
+ 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
+ 2007-06-19 13:37:21 282,112 ----a-w C:\WINDOWS\$hf_mig$\KB938829\SP2QFE\gdi32.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938829\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938829\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll
+ 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll
+ 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll
+ 2007-10-11 05:57:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll
+ 2007-10-11 05:57:30 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll
+ 2007-10-11 05:57:30 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll
+ 2007-10-10 10:48:23 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe
+ 2007-10-11 05:57:31 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll
+ 2007-10-11 05:57:31 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll
+ 2007-10-11 05:57:31 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll
+ 2007-10-30 09:55:21 3,065,856 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll
+ 2007-10-11 05:57:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll
+ 2007-10-11 05:57:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll
+ 2007-10-11 05:57:37 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll
+ 2007-10-11 05:57:37 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll
+ 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll
+ 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll
+ 2007-10-11 05:57:40 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll
+ 2007-10-11 05:57:41 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
+ 2007-10-10 10:34:35 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
- 2005-05-18 23:51:50 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-12-24 14:41:02 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2004-09-29 15:59:36 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-12-24 14:41:03 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-03-11 14:27:24 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2007-12-24 14:38:19 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-03-11 14:27:40 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2007-12-24 14:38:27 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-03-11 14:27:44 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2007-12-24 14:38:28 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-03-11 14:27:45 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2007-12-24 14:38:29 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-03-11 14:27:35 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2007-12-24 14:38:25 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-03-11 14:27:18 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2007-12-24 14:38:14 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-03-11 14:27:18 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2007-12-24 14:38:14 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-03-11 14:27:53 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2007-12-24 14:38:35 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-03-11 14:27:27 5,029,888 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-12-24 14:38:22 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-03-11 14:27:23 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2007-12-24 14:38:18 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-03-11 14:27:17 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2007-12-24 14:38:13 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-03-11 14:27:20 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2007-12-24 14:38:16 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-03-11 14:27:39 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2007-12-24 14:38:26 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-03-11 14:27:40 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2007-12-24 14:38:26 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-03-11 14:27:40 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2007-12-24 14:38:26 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-03-11 14:27:21 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2007-12-24 14:38:17 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-03-11 14:27:21 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2007-12-24 14:38:17 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-03-11 14:27:22 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2007-12-24 14:38:18 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-03-11 14:27:23 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2007-12-24 14:38:18 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-03-11 14:27:20 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2007-12-24 14:38:16 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-03-11 14:27:55 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-12-24 14:38:36 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-03-11 14:27:55 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2007-12-24 14:38:36 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-03-11 14:27:15 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2007-12-24 14:38:11 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-03-11 14:27:54 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2007-12-24 14:38:36 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-03-11 14:27:56 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2007-12-24 14:38:37 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-03-11 14:27:17 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-12-24 14:38:13 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-03-11 14:27:16 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2007-12-24 14:38:12 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-03-11 14:27:16 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2007-12-24 14:38:13 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-03-11 14:27:48 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2007-12-24 14:38:32 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-03-11 14:27:24 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2007-12-24 14:38:20 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-03-11 14:27:48 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2007-12-24 14:38:33 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-03-11 14:27:46 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2007-12-24 14:38:30 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-03-11 14:27:19 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2007-12-24 14:38:15 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-03-11 14:27:39 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2007-12-24 14:38:25 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-03-11 14:27:25 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2007-12-24 14:38:20 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-03-11 14:27:25 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2007-12-24 14:38:20 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-03-11 14:27:26 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2007-12-24 14:38:21 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-03-11 14:27:51 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2007-12-24 14:38:34 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-03-11 14:27:46 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2007-12-24 14:38:30 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-03-11 14:27:52 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2007-12-24 14:38:34 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-03-11 14:27:47 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2007-12-24 14:38:31 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-03-11 14:27:47 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-12-24 14:38:32 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-03-11 14:27:23 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2007-12-24 14:38:19 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-03-11 14:27:27 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2007-12-24 14:38:21 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-03-11 14:27:54 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2007-12-24 14:38:35 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-03-11 14:27:28 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2007-12-24 14:38:22 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-03-11 14:27:29 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2007-12-24 14:38:23 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-03-11 14:27:32 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2007-12-24 14:38:23 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-03-11 14:27:33 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2007-12-24 14:38:24 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-03-11 14:27:51 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2007-12-24 14:38:33 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2007-12-25 18:45:43 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\852be8f752663a79b42415eb82dea5a6\Accessibility.ni.dll
+ 2007-12-25 18:45:54 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\7c356c6ad516374b13230e0b56853c13\AspNetMMCExt.ni.dll
+ 2007-12-25 18:45:57 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a277df3e42a5cce121a22bbc355e67e3\CustomMarshalers.ni.dll
+ 2007-12-25 18:45:55 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\e0786b3ff6c53b23a3e0781a432e2b43\dfsvc.ni.exe
+ 2007-12-25 18:46:01 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c0b95cddc9317bd6b2a8dc1ab2c09b1e\Microsoft.Build.Engine.ni.dll
+ 2007-12-25 18:46:02 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\03c2f2a55909ec1c49dfb9e19bb15719\Microsoft.Build.Framework.ni.dll
+ 2007-12-25 18:46:09 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d41a09e4318c23bb5d2c7d35b9457512\Microsoft.Build.Tasks.ni.dll
+ 2007-12-25 18:46:11 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\5bf9ce99e8fb9ef3c91aa6409d98c048\Microsoft.Build.Utilities.ni.dll
+ 2007-12-25 18:46:17 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bda938791ea3d1a49d7511f8ddc8bbcd\Microsoft.VisualBasic.ni.dll
+ 2007-12-24 14:40:36 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\2c9986f0f331440ff369f300d6a64d51\mscorlib.ni.dll
+ 2007-12-25 18:46:21 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\06f2476a262b3d3bb51e85af0c7f197f\System.Configuration.ni.dll
+ 2007-12-24 14:42:09 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\bf763753987a6752548322a41ab47e73\System.Data.ni.dll
+ 2007-12-25 18:46:25 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\fd3a95f0158de6cb4ddfb9381154a8b3\System.Deployment.ni.dll
+ 2007-12-24 14:42:58 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\4eb8b02f2aaec1ef2a7e367974c76077\System.Design.ni.dll
+ 2007-12-25 18:46:30 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\717c98caa11f516f88e8657ce115432a\System.DirectoryServices.ni.dll
+ 2007-12-25 18:46:32 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\797614de14fdda307abd83e914a61be3\System.DirectoryServices.Protocols.ni.dll
+ 2007-12-24 14:43:05 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\1131c18dc8dc1ef3841dc43002c8a8a9\System.Drawing.Design.ni.dll
+ 2007-12-24 14:43:03 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\765b7f8eb71d453c39797592675b65f1\System.Drawing.ni.dll
+ 2007-12-25 18:46:36 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f4e78db696f3568c34bfbb66a27d5fc5\System.EnterpriseServices.ni.dll
+ 2007-12-25 18:46:36 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f4e78db696f3568c34bfbb66a27d5fc5\System.EnterpriseServices.Wrapper.dll
+ 2007-12-25 18:46:39 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\34e37b96cc209ff5b60b147f3c975d43\System.Security.ni.dll
+ 2007-12-25 18:46:41 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\1991332a7b4c79030de26977aa2d9981\System.Transactions.ni.dll
+ 2007-12-25 18:47:48 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\bf7b9b865c074bac8518ac3dfb3ab23b\System.Web.Mobile.ni.dll
+ 2007-12-25 18:47:49 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\dd46e4561102b7881877b5e42fd72544\System.Web.RegularExpressions.ni.dll
+ 2007-12-25 18:47:57 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1788c4f7a4ab94dfe9c3195b975f084e\System.Web.Services.ni.dll
+ 2007-12-25 18:47:32 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d76c3a6e10a885d6be461e27f50db1fc\System.Web.ni.dll
+ 2007-12-24 14:44:05 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\08608f236cbf6293adcba5b1ad8a5501\System.Windows.Forms.ni.dll
+ 2007-12-24 14:44:32 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9d8cfd67b3e53c22de30748fbda2a7d9\System.Xml.ni.dll
+ 2007-12-24 14:41:26 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f9e0cc41d4708780bfbd7858d0ad6d6f\System.ni.dll
+ 2007-12-24 14:41:14 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_94e91f03\CustomMarshalers.dll
+ 2007-12-24 14:41:48 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5f0f6045\mscorlib.dll
+ 2007-12-24 14:41:41 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e298bbb3\System.Design.dll
+ 2007-12-24 14:41:16 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2fe1e063\System.Drawing.Design.dll
+ 2007-12-24 14:41:45 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_bb5791c3\System.Drawing.dll
+ 2007-12-24 14:41:23 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_43ed01fc\System.Windows.Forms.dll
+ 2007-12-24 14:41:31 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_8a50e932\System.Xml.dll
+ 2007-12-24 14:41:13 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1417c676\System.dll
+ 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\erdnt\12-24-2007\ERDNT.EXE
+ 2007-12-25 00:06:53 15,527,936 ----a-w C:\WINDOWS\erdnt\12-24-2007\Users\00000001\ntuser.dat
+ 2007-12-25 00:06:53 569,344 ----a-w C:\WINDOWS\erdnt\12-24-2007\Users\00000002\UsrClass.dat
+ 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-24-2007\ERDNT.EXE
+ 2007-12-25 00:05:27 15,527,936 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-24-2007\Users\00000001\ntuser.dat
+ 2007-12-25 00:05:28 569,344 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-24-2007\Users\00000002\UsrClass.dat
+ 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-25-2007\ERDNT.EXE
+ 2007-12-25 12:38:35 15,527,936 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-25-2007\Users\00000001\ntuser.dat
+ 2007-12-25 12:38:36 569,344 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-25-2007\Users\00000002\UsrClass.dat
+ 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-26-2007\ERDNT.EXE
+ 2007-12-26 11:54:09 15,527,936 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-26-2007\Users\00000001\ntuser.dat
+ 2007-12-26 11:54:09 569,344 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-26-2007\Users\00000002\UsrClass.dat
+ 2007-12-24 05:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-26 22:59:08 15,527,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-12-26 22:59:08 569,344 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-24 05:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-26 11:35:08 15,527,936 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-12-26 11:35:08 569,344 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2004-08-04 07:56:49 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe

#23
Cthulhu111

ComboFix Log Part 2:

+ 2007-12-24 14:35:38 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 02:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 05:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 02:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 01:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 23:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 01:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 01:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 04:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 01:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-14 01:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 01:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 01:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 01:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 20:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 21:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3084\_aspnet_isapi.dll
+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3084\_CORPerfMonExt.dll
+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3084\_fusion.dll
+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3084\_mscorjit.dll
+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3084\_mscorlib.dll
+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3084\_mscorsn.dll
+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3084\_mscorsvr.dll
+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3084\_mscorwks.dll
+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3084\_msvcr71.dll
+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3084\_PerfCounter.dll
- 2004-07-15 18:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 02:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-10-08 10:20:12 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 02:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2005-09-23 12:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-04-13 08:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2006-04-14 11:08:30 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-04-13 08:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 12:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-04-13 08:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2005-09-23 12:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-04-13 08:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2005-09-23 12:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-04-13 08:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 12:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-04-13 08:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 12:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-04-13 08:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2006-09-12 22:10:46 23,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-04-13 08:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2005-09-23 12:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-04-13 08:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 12:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-04-13 08:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 12:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-04-13 08:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 12:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-04-13 08:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 12:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-04-13 08:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2005-09-23 12:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-04-13 08:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 12:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-04-13 08:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 12:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-04-13 08:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 12:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-04-13 08:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 12:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-04-13 08:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 12:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-04-13 08:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 12:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-04-13 08:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2005-09-23 12:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-04-13 08:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 12:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-04-13 08:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2005-09-23 12:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-04-13 08:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 12:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-04-13 08:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2005-09-23 12:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-04-13 08:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 12:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-04-13 08:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 12:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-04-13 08:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2005-09-23 12:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-04-13 08:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 12:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-04-13 08:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 12:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-04-13 08:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2005-09-23 12:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-04-13 08:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 12:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-04-13 08:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 12:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-04-13 08:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2005-09-23 12:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-04-13 08:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2005-09-23 12:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-04-13 08:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2005-09-23 12:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-04-13 08:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2005-09-23 12:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-04-13 08:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 12:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-04-13 08:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 12:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-04-13 08:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 12:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-04-13 08:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 12:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-04-13 08:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2005-09-23 12:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-04-13 08:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 12:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-04-13 08:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 12:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-04-13 08:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 12:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-04-13 08:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 12:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-04-13 08:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2006-09-12 22:11:12 5,029,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-04-13 08:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 12:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-04-13 08:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2005-09-23 12:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-04-13 08:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 12:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-04-13 08:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2005-09-23 12:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-04-13 08:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2006-09-12 22:10:46 300,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-04-13 08:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2007-04-18 12:31:37 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-10-11 06:13:44 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-04-18 12:31:37 151,040 ------w C:\WINDOWS\system32\cdfview.dll
+ 2007-10-11 06:13:44 151,040 ------w C:\WINDOWS\system32\cdfview.dll
- 2007-04-18 12:31:37 1,054,208 ------w C:\WINDOWS\system32\danim.dll
+ 2007-10-11 06:13:44 1,054,208 ------w C:\WINDOWS\system32\danim.dll
- 2007-04-18 12:31:37 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-10-11 06:13:44 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-04-18 12:31:37 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-10-11 06:13:44 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-04-18 12:31:37 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-10-11 06:13:44 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
- 2007-04-18 12:31:37 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-10-11 06:13:44 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-04-18 12:31:37 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-11 06:13:44 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-06-13 10:23:07 1,033,216 -c----w C:\WINDOWS\system32\dllcache\explorer.exe
- 2007-04-18 12:31:37 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-11 06:13:44 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-03-08 15:36:28 281,600 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-04-18 10:22:13 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-04-18 12:31:37 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-10-11 06:13:44 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-04-18 12:31:37 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-10-11 06:13:44 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:26:56 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-04-18 12:31:37 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-11 06:13:44 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-07-06 10:05:47 72,960 -c----w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 12:46:59 138,240 -c----w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 47,104 -c----w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 16,896 -c----w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 660,992 -c----w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 177,152 -c----w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 95,744 -c----w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 48,640 -c----w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 471,552 -c----w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2007-05-04 12:29:16 3,058,688 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 10:16:33 3,058,688 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-04-18 12:31:38 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-11 06:13:45 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-04-18 12:31:38 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-11 06:13:45 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-04-18 12:31:38 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-11 06:13:45 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-09-13 05:01:56 1,084,416 -c----w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 -c----w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-04-18 12:31:38 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-11 06:13:45 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2007-04-18 12:31:38 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-10-11 06:13:45 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-04-18 12:31:38 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-10-11 06:13:45 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-04-23 10:32:54 364,160 -c----w C:\WINDOWS\system32\dllcache\update.sys
- 2007-04-18 12:31:39 615,424 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-11 06:13:45 615,424 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-12-19 18:08:07 852,480 -c----w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:13:22 851,968 -c----w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-02-15 22:00:26 236,928 -c----w C:\WINDOWS\system32\dllcache\WgaLogon.dll
+ 2007-04-10 19:00:46 236,928 -c----w C:\WINDOWS\system32\dllcache\WgaLogon.dll
- 2007-02-15 22:01:26 336,768 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
+ 2007-04-10 19:01:18 336,768 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
- 2007-04-18 12:31:39 658,944 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-11 06:13:45 659,456 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 18:44:28 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 22:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-04-29 10:07:48 5,533,696 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-04-30 13:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-04 05:58:20 72,960 ------w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ------w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-04 05:58:32 209,408 ------w C:\WINDOWS\system32\drivers\update.sys
+ 2007-04-23 10:32:54 364,160 ------w C:\WINDOWS\system32\drivers\update.sys
- 2007-04-18 12:31:37 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-10-11 06:13:44 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-04-18 12:31:37 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-11 06:13:44 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-04-18 12:31:37 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-11 06:13:44 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-04-18 12:31:37 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-10-11 06:13:44 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-04-18 12:31:37 96,256 ------w C:\WINDOWS\system32\inseng.dll
+ 2007-10-11 06:13:44 96,256 ------w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-04-18 12:31:37 16,384 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-11 06:13:44 16,384 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2004-08-04 07:56:42 138,240 ------w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ------w C:\WINDOWS\system32\mqad.dll
- 2004-08-04 07:56:42 47,104 ------w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ------w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-04 07:56:42 16,896 ------w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ------w C:\WINDOWS\system32\mqise.dll
- 2004-08-04 07:56:42 660,992 ------w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ------w C:\WINDOWS\system32\mqqm.dll
- 2004-08-04 07:56:42 177,152 ------w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ------w C:\WINDOWS\system32\mqrt.dll
- 2004-08-04 07:56:42 95,744 ------w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ------w C:\WINDOWS\system32\mqsec.dll
- 2004-08-04 07:56:42 48,640 ------w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ------w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-04 07:56:42 471,552 ------w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ------w C:\WINDOWS\system32\mqutil.dll
- 2007-06-06 03:38:42 15,747,032 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 20:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-09-23 12:28:52 270,848 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-04-13 08:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2007-05-04 12:29:16 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 10:16:33 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-04-18 12:31:38 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-11 06:13:45 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-04-18 12:31:38 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-11 06:13:45 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-04-18 12:31:38 532,480 ------w C:\WINDOWS\system32\mstime.dll
+ 2007-10-11 06:13:45 532,480 ------w C:\WINDOWS\system32\mstime.dll
- 2006-09-13 05:01:56 1,084,416 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2006-11-04 18:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 20:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2005-09-23 12:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2006-12-22 18:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2004-08-04 07:56:44 553,472 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\oleaut32.dll
- 2007-11-04 12:44:06 64,982 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-24 14:38:53 64,982 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-04 12:44:06 407,446 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-24 14:38:53 407,446 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-04-18 12:31:38 39,424 ------w C:\WINDOWS\system32\pngfilt.dll
+ 2007-10-11 06:13:45 39,424 ------w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-04 07:56:44 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-04-18 12:31:38 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-10-11 06:13:45 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-04-18 12:31:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-10-11 06:13:45 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-11-17 20:14:30 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-12-10 19:10:02 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-06-28 15:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-12-14 02:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 13:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-01-29 08:58:06 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2007-04-18 12:31:39 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-11 06:13:45 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-02-15 22:00:26 236,928 ----a-w C:\WINDOWS\system32\WgaLogon.dll
+ 2007-04-10 19:00:46 236,928 ----a-w C:\WINDOWS\system32\WgaLogon.dll
- 2007-02-15 22:01:26 336,768 ----a-w C:\WINDOWS\system32\WgaTray.exe
+ 2007-04-10 19:01:18 336,768 ----a-w C:\WINDOWS\system32\WgaTray.exe
- 2007-04-18 12:31:39 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-11 06:13:45 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-04-29 10:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
- 2007-04-18 09:51:25 115,200 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:26:53 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-05-08 20:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
- 2007-03-11 14:27:18 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-12-24 14:38:14 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2007-03-11 14:27:18 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2007-12-24 14:38:14 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 19:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-23 19:21]

C:\Documents and Settings\J&L Torres\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
TDK Launcher.lnk - C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe [2003-12-31 11:07:30]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 10.lnk
backup=C:\WINDOWS\pss\CorelCENTRAL 10.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk
backup=C:\WINDOWS\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 10.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 10.lnk
backup=C:\WINDOWS\pss\Desktop Application Director 10.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=C:\WINDOWS\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^J&L Torres^Start Menu^Programs^Startup^Registration-Studio 8.lnk]
path=C:\Documents and Settings\J&L Torres\Start Menu\Programs\Startup\Registration-Studio 8.lnk
backup=C:\WINDOWS\pss\Registration-Studio 8.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL]
C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2001-04-01 20:29 77887 --a------ C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-06-23 21:12 319488 --a------ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-06-25 00:18 868352 --a------ C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
C:\PROGRA~1\WEATHE~1\Weather.exe /q

R0 SI3112;SiI-3112 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys [2004-06-14 18:03]
R1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;C:\WINDOWS\system32\drivers\DCxxMJPG.sys [2002-06-04 11:18]
R2 dmsmbios;dmsmbios;C:\WINDOWS\System32\dmsmbios.sys [2000-05-02 15:42]
R2 iSMBIOS;iSMBIOS;C:\WINDOWS\System32\drivers\iSMBIOS.SYS [2002-05-03 15:07]
R2 SIODRV;SIODRV;C:\WINDOWS\System32\drivers\SIODRV.SYS [2002-05-03 15:07]
R3 smbusp;Intel® SMBus 2.0 Driver;C:\WINDOWS\system32\DRIVERS\smb.sys [2002-01-28 16:37]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 13:05]
S2 Ca533av;Polaroid Digital Cam Video;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 19:37]
S3 PCIDATA;PCIDATA;E:\PCIDATA.sys []
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 13:05]
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 19:19]

.
Contents of the 'Scheduled Tasks' folder
"2007-11-19 17:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 18:41:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 18:42:49
C:\ComboFix2.txt ... 2007-12-23 20:05
C:\ComboFix3.txt ... 2007-12-23 19:59
.
2007-12-26 00:56:42 --- E O F ---

#24
Cthulhu111

    Member

  • Topic Starter
  • Member
  • 27 posts
Oh, don't know if it matters...

When I first ran ComboFix, I neglected to shut AVG Free down. Not sure it's working correctly, anyway. I did shut it down and ran ComboFix again, and I have a copy of that log, if necessary or even useful.

Thanks

#25
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
How is your PC running now? Any problems?

#26
Cthulhu111

    Member

  • Topic Starter
  • Member
  • 27 posts
I guess it's running okay, except that I still cannot connect to the Internet at all unless I'm in Safe Mode. For the life of me, I can't understand why I can connect in Safe Mode only. Windows will show the network connection in the Control Panel settings okay, and will even let me do the repair, but no application that connects to the Internet will run: Firefox, Thunderbird, AVG's Internet update feature...I can't even do a ping from a command prompt.

#27
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
If you can connect in Safe Mode then chances are there is some program stopping you.

Try disabling your firewall and see if you can connect.

If not, do this:


Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.


Reboot and let me know if that works

#28
Cthulhu111

    Member

  • Topic Starter
  • Member
  • 27 posts
I had the Windows Firewall off and I thought ZoneAlarm was no longer working, as it wasn't popping up when booting normally. However, you got me thinking, and when I checked Add/Remove Programs, ZoneAlarm was still present, so I removed it. Lo and behold, I got a message saying ZoneAlarm had to shut down first. Apparently, that sucker has been running the whole time, but I couldn't see it.

My wife got a free full version of Norton 360, so I'm going to give that a shot. Hopefully, I won't catch any more bugs anytime soon.

I'll post another HJT or DSS log after I pop Norton on.

Thanks SO much!

#29
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
That could be responsible. Make sure that you don't have the Windows Firewall on as well as the Norton firewall, or else there will be conflicts.

Also, you will need to remove AVG if you install Norton.

Personally I would recommend not installing Norton, and instead keeping AVG and downloading Comodo for a firewall.


Post a new DSS log after you have done it

#30
Cthulhu111

    Member

  • Topic Starter
  • Member
  • 27 posts
Hopefully, the last DSS Log:

Deckard's System Scanner v20071014.68
Run by J&L Torres on 2007-12-27 19:09:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as J&L Torres.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:09:24 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe
C:\Documents and Settings\J&L Torres\Desktop\dss.exe
C:\PROGRA~1\HIJACK~2\J&LTOR~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: TDK Launcher.lnk = C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


-- Files created between 2007-11-27 and 2007-12-27 -----------------------------

2007-12-27 16:49:28 0 d-------- C:\Documents and Settings\J&L Torres\Application Data\Symantec
2007-12-27 07:45:20 0 d-------- C:\Program Files\Norton 360
2007-12-27 07:43:36 0 d-------- C:\Program Files\Symantec
2007-12-27 07:43:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-27 07:43:21 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-27 06:45:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-26 06:35:07 0 d-------- C:\WINDOWS\ERUNT
2007-12-26 06:30:14 1216185 --a------ C:\SDFix.exe
2007-12-25 10:29:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-25 10:29:54 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-24 18:45:49 791393 --a------ C:\erunt-setup.exe <Not Verified; Lars Hederer; >
2007-12-23 20:25:13 251392 --a------ C:\hijackthis_sfx.exe
2007-12-23 19:05:10 0 d-------- C:\HiJack This
2007-12-23 19:01:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-12-23 17:55:14 0 d-------- C:\VundoFix Backups
2007-12-23 16:52:44 0 d--hs---- C:\WINDOWS\CSC
2007-12-23 15:09:05 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-23 13:45:09 90112 --a------ C:\WINDOWS\system32\RegDACL.exe <Not Verified; Frank Heyne Software; RegTools>
2007-12-23 13:45:09 4096 --a------ C:\WINDOWS\system32\reboot.exe
2007-12-23 13:45:09 53248 --a------ C:\WINDOWS\system32\process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-23 13:45:09 347 --a------ C:\run2.reg
2007-12-23 13:45:09 8925 --a------ C:\clean.bat
2007-12-23 13:44:18 0 d--h----- C:\WINDOWS\PIF
2007-12-23 08:36:17 348160 --a------ C:\WINDOWS\system32\hphmon04 .exe <Not Verified; Hewlett-Packard; hp photosmart>
2007-12-23 08:36:07 155648 --a------ C:\WINDOWS\system32\NeroCheck .exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-12-23 00:25:11 0 dr-h----- C:\Documents and Settings\J&L Torres\Recent
2007-12-15 06:50:54 0 d-------- C:\Documents and Settings\J&L Torres\Application Data\Snapfish


-- Find3M Report ---------------------------------------------------------------

2007-12-27 18:45:08 0 d-------- C:\Program Files\HP
2007-12-27 18:44:40 0 d-------- C:\Program Files\Hewlett-Packard
2007-12-27 18:40:22 0 d-------- C:\Program Files\Steam
2007-12-27 17:28:21 0 d-------- C:\Documents and Settings\J&L Torres\Application Data\Adobe
2007-12-27 16:05:15 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-12-27 16:02:47 0 d-------- C:\Program Files\Common Files
2007-12-25 07:44:24 0 d-------- C:\Program Files\Java
2007-12-23 20:27:01 0 d-------- C:\Program Files\Hijack This
2007-12-23 17:48:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-23 15:11:06 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-12-23 14:23:03 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-12-23 14:22:48 0 d-------- C:\Program Files\The Learning Company
2007-12-23 12:52:18 0 d-------- C:\Program Files\QuickTime
2007-12-15 06:50:53 35821 --a------ C:\WINDOWS\mozver.dat
2007-11-15 12:55:52 0 d-------- C:\Documents and Settings\J&L Torres\Application Data\Roxio


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [11/08/2002 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 08:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" []

C:\Documents and Settings\J&L Torres\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]
TDK Launcher.lnk - C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe [12/31/2003 11:07:30 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/15/2003 12:00:28 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 10.lnk
backup=C:\WINDOWS\pss\CorelCENTRAL 10.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk
backup=C:\WINDOWS\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 10.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 10.lnk
backup=C:\WINDOWS\pss\Desktop Application Director 10.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=C:\WINDOWS\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^J&L Torres^Start Menu^Programs^Startup^Registration-Studio 8.lnk]
path=C:\Documents and Settings\J&L Torres\Start Menu\Programs\Startup\Registration-Studio 8.lnk
backup=C:\WINDOWS\pss\Registration-Studio 8.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
"C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
C:\PROGRA~1\WEATHE~1\Weather.exe /q

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-12-27 19:10:06 ------------