Another Virtumonde Problem



keeper22
2008-05-30, 21:41
Got caught up with Virtumonde.dll. Please help.

-----------------------------------------
*** Kas Log ***
-----------------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 12:35:40 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/05/2008
Kaspersky Anti-Virus database records: 814999
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
P:\

Scan Statistics:
Total number of scanned objects: 145393
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:36:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\cert8.db Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\content-prefs.sqlite Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\cookies.sqlite Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\downloads.sqlite Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\formhistory.sqlite Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\key3.db Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\permissions.sqlite Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\places.sqlite Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\places.sqlite-journal Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\places.sqlite-stmtjrnl Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\search.sqlite Object is locked skipped
C:\Documents and Settings\KP.RTD\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7welp16a.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\KP.RTD\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Dell SAS RAID Storage Manager\Framework\start.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP28\A0001800.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP33\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\iifecbYQ.dll Infected: Trojan-Downloader.Win32.Agent.plb skipped
C:\WINDOWS\system32\pmnnKAsR.dll Infected: Trojan-Downloader.Win32.Agent.plb skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hlktmp Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\kikzkvrr.zex Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


-----------------------------------------
*** HJT Log ***
-----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:57 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Mod\pita212\Pitaschio.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KP.RTD\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080521
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080521
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080521
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BMcbf44e8d] Rundll32.exe "C:\WINDOWS\system32\ujxcppkg.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Shortcut to Pitaschio.exe.lnk = C:\Mod\pita212\Pitaschio.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211925922437
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9144E09-E65B-4526-8350-54BACC882463}: NameServer = 205.1.1.1,206.13.29.12
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7553 bytes
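
The two logs in the post above are long mostly because of "Object is locked skipped" lines; the real detections (two DLLs in system32) and the one suspicious autostart (a Run value that hands an eight-letter DLL to Rundll32 with a one-letter export) are only a handful of lines. The Python below is an added example written for this thread, not code from the original post or from Kaspersky, HijackThis or any other tool named here. It splits a Kaspersky Online Scanner object list into detections versus locked-file noise, then scores HijackThis O4 entries against traits taken from this log: rundll32 loading an eight-letter DLL from system32, a single-letter export name, a DLL the AV already flagged, and a Run value named BM followed by eight hex digits. The sample input is a few lines copied from the logs above; the traits, the BM-name check and the scoring are heuristics chosen to fit this machine's evidence, an assumption of the example rather than published signatures, and eight-letter legitimate DLLs exist, so the output is a triage hint, not a verdict.

```python
import re

# Constructed sample: a few lines copied from the Kaspersky report above, not the full log.
KASPERSKY_SAMPLE = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\iifecbYQ.dll Infected: Trojan-Downloader.Win32.Agent.plb skipped
C:\WINDOWS\system32\pmnnKAsR.dll Infected: Trojan-Downloader.Win32.Agent.plb skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\kikzkvrr.zex Object is locked skipped
Scan process completed.
"""

# Constructed sample: a few O4/O23 lines copied from the HijackThis log above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BMcbf44e8d] Rundll32.exe "C:\WINDOWS\system32\ujxcppkg.dll",s
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>.+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# O4 - HKLM\..\Run: [value] command
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<command>.*)$")
# rundll32[.exe] "path\to\x.dll",export
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S*)', re.IGNORECASE)
RANDOM_BASENAME_RE = re.compile(r"^[A-Za-z]{8}\.dll$")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_kaspersky(report):
    """Return ([(path, detection, action)], locked_count) from a Kaspersky object list."""
    infected, locked = [], 0
    for line in report.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            infected.append((m.group("path"), m.group("name"), m.group("action")))
        elif LOCKED_RE.match(line):
            locked += 1
    return infected, locked


def looks_like_vundo_dll(path):
    """Eight alphabetic characters plus .dll, directly in system32: the naming style of
    iifecbYQ.dll, pmnnKAsR.dll and ujxcppkg.dll in the logs above.  Heuristic only."""
    p = path.lower()
    if not p.startswith(SYSTEM32):
        return False
    return RANDOM_BASENAME_RE.match(p[len(SYSTEM32):]) is not None


def triage_hjt(log, av_hits):
    """Score each HijackThis O4 autostart line; return only entries with at least one hit."""
    av_paths = {path.lower() for path, _, _ in av_hits}
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        reasons = []
        r = RUNDLL_RE.search(m.group("command"))
        if r:
            dll = r.group("dll")
            if looks_like_vundo_dll(dll):
                reasons.append("rundll32 loads an 8-letter DLL from system32")
            if len(r.group("export")) == 1:
                reasons.append("single-letter export name")
            if dll.lower() in av_paths:
                reasons.append("file is in the AV detections")
        # Assumption for this example: the BM<8 hex> value name seen on this machine.
        if re.fullmatch(r"BM[0-9a-f]{8}", m.group("value")):
            reasons.append("Run value named BM<8 hex digits>")
        if reasons:
            findings.append({"value": m.group("value"), "command": m.group("command"), "reasons": reasons})
    return findings


def summarize(kaspersky_report, hjt_log):
    """Combine both logs into the short list a helper actually needs to read."""
    hits, locked = parse_kaspersky(kaspersky_report)
    return {
        "av_detections": [(path.rsplit("\\", 1)[-1], name) for path, name, _ in hits],
        "locked_objects_skipped": locked,
        "suspicious_autostarts": triage_hjt(hjt_log, hits),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(KASPERSKY_SAMPLE, HJT_SAMPLE), indent=2))
```

Run against the full logs, the same code reduces 75 Kaspersky object lines to two detections and the HijackThis O4 list to the single BMcbf44e8d entry; what it cannot see is anything HijackThis did not list, which is why the helper's next step is a tool that also checks Winlogon Notify, LSA packages and BHO registrations.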

steamwiz
2008-05-30, 23:06
Hi

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam

keeper22
2008-05-30, 23:52
Thank you for the help, steam.

---------------------------------------
mbam log
---------------------------------------

Malwarebytes' Anti-Malware 1.14
Database version: 805

2:21:05 PM 5/30/2008
mbam-log-5-30-2008 (14-21-05).txt

Scan type: Quick Scan
Objects scanned: 36122
Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hgGwVoMe.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifecbYQ.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e51b7849-610f-4144-bb37-0b29248427cd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e51b7849-610f-4144-bb37-0b29248427cd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifecbyq (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcbf44e8d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwvome -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ujxcppkg.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pmnnKAsR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwVoMe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iifecbYQ.dll (Trojan.Vundo) -> Delete on reboot.


---------------------------------------
ComboFix log
---------------------------------------

ComboFix 08-05-29.1 - KP 2008-05-30 14:36:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2604 [GMT -7:00]
Running from: C:\Documents and Settings\KP.RTD\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KP.RTD\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMcbf44e8d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\eMoVwGgh.ini
C:\WINDOWS\system32\eMoVwGgh.ini2
C:\WINDOWS\system32\gdtfgjmr.dll
C:\WINDOWS\system32\houbnxbq.dll
C:\WINDOWS\system32\HPorBJlm.ini
C:\WINDOWS\system32\HPorBJlm.ini2
C:\WINDOWS\system32\hwyyjjgn.ini
C:\WINDOWS\system32\iskoxhxj.dll
C:\WINDOWS\system32\isscjbsw.ini
C:\WINDOWS\system32\qbxnbuoh.ini
C:\WINDOWS\system32\vlgrggku.dll
C:\WINDOWS\system32\VxELmnnn.ini
C:\WINDOWS\system32\VxELmnnn.ini2
C:\WINDOWS\system32\wsbjcssi.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-30 14:14 . 2008-05-30 14:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 14:14 . 2008-05-30 14:14 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\Malwarebytes
2008-05-30 14:14 . 2008-05-30 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-30 14:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-30 14:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-30 14:11 . 2008-05-30 14:12 <DIR> d-------- C:\Program Files\SpywareGuard
2008-05-30 14:09 . 2008-05-30 14:09 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-30 13:50 . 2008-05-30 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-30 13:36 . 2008-05-30 14:07 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-30 13:36 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-30 10:15 . 2008-05-30 10:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 10:15 . 2008-05-30 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 13:30 . 2006-02-20 22:27 81,987 --a------ C:\WINDOWS\system32\AUCPLMNT.DLL
2008-05-29 13:27 . 2008-05-29 13:30 <DIR> d-a------ C:\Program Files\Canon
2008-05-29 10:15 . 2008-05-29 10:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-29 10:15 . 2008-05-29 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-29 07:54 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-29 07:44 . 2008-05-29 07:44 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 16:13 . 2008-05-28 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-28 15:55 . 2008-05-28 15:55 <DIR> d-------- C:\Program Files\Bonjour
2008-05-28 15:55 . 2008-05-28 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-28 15:48 . 2008-05-28 15:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-28 15:22 . 2008-05-30 11:42 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\OpenOffice.org2
2008-05-28 15:08 . 2008-05-28 17:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-28 14:44 . 2008-05-28 14:44 <DIR> d-------- C:\Program Files\7-Zip
2008-05-28 14:31 . 2008-05-28 14:31 <DIR> d-------- C:\Program Files\Google Hacks
2008-05-28 13:35 . 2008-05-28 13:35 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-28 13:14 . 2008-05-28 13:21 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\FileZilla
2008-05-28 13:12 . 2008-05-28 13:12 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-05-28 12:49 . 2008-05-28 12:49 <DIR> d-------- C:\Program Files\RocketDock
2008-05-28 12:44 . 2008-05-28 12:44 <DIR> d-------- C:\Mod
2008-05-28 12:23 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-05-28 12:23 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-05-28 11:47 . 2008-05-28 11:48 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-05-28 11:47 . 2008-05-28 11:47 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\Thunderbird
2008-05-28 08:20 . 2005-09-28 14:24 2,164,411 --a------ C:\WINDOWS\system32\haspds_windows.dll
2008-05-28 08:20 . 2001-09-28 19:00 164,864 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-05-28 08:20 . 2005-06-21 12:10 24,576 --a------ C:\WINDOWS\system32\hdsuinst.exe
2008-05-28 08:10 . 2006-11-22 10:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-05-28 08:10 . 2006-11-22 10:01 327,168 --a------ C:\WINDOWS\system32\drivers\akshasp.sys
2008-05-28 08:10 . 2006-10-16 19:35 104,576 --a------ C:\WINDOWS\system32\drivers\aksclass.sys
2008-05-28 08:10 . 2006-11-22 10:01 100,096 --a------ C:\WINDOWS\system32\drivers\aksusb.sys
2008-05-28 08:10 . 2006-10-16 19:35 7,168 --a------ C:\WINDOWS\system32\akscoinst.dll
2008-05-28 08:09 . 2008-05-28 08:09 <DIR> d-------- C:\Program Files\Common Files\WinMain
2008-05-28 08:09 . 2008-05-28 08:09 <DIR> d-------- C:\Program Files\Codejock Software
2008-05-28 08:08 . 2008-05-28 08:11 <DIR> d-------- C:\mcamx
2008-05-28 08:04 . 2008-05-28 08:04 4,128 --a------ C:\INFCACHE.1
2008-05-28 07:56 . 2008-05-28 07:56 <DIR> d-------- C:\Program Files\Common Files\SYSPRO
2008-05-28 07:54 . 2008-05-28 07:56 <DIR> d-------- C:\SYSPRO60
2008-05-28 07:52 . 2008-05-28 07:52 <DIR> d-------- C:\Program Files\Common Files\Business Objects
2008-05-28 07:52 . 2008-05-28 07:52 <DIR> d-------- C:\Program Files\Business Objects
2008-05-28 07:44 . 2008-05-28 07:44 <DIR> d-------- C:\Downloads
2008-05-28 07:39 . 2008-05-28 07:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-28 07:24 . 2008-05-28 07:39 <DIR> d-------- C:\Program Files\ESET
2008-05-28 07:16 . 2008-05-20 23:25 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\InstallShield
2008-05-28 07:16 . 2008-05-30 14:21 <DIR> d-------- C:\Documents and Settings\KP.RTD
2008-05-27 15:25 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-05-27 15:17 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 15:09 . 2008-05-27 15:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 15:05 . 2008-05-27 15:05 <DIR> d---s---- C:\Documents and Settings\KP\UserData
2008-05-27 15:05 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-27 15:05 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-27 15:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-27 15:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-27 15:05 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-27 14:55 . 2008-05-29 07:18 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 14:53 . 2008-05-20 23:25 <DIR> d-------- C:\Documents and Settings\KP\Application Data\InstallShield
2008-05-27 14:53 . 2008-05-27 15:05 <DIR> d-------- C:\Documents and Settings\KP
2008-05-27 14:46 . 2004-08-03 20:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-27 14:46 . 2001-08-17 11:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-27 14:46 . 2001-08-17 12:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-27 14:46 . 2008-05-27 14:46 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-20 23:36 . 2008-05-20 23:36 61 --a------ C:\WINDOWS\smscfg.ini
2008-05-20 23:33 . 2008-05-28 12:58 <DIR> d-------- C:\Program Files\Google
2008-05-20 23:33 . 2008-05-20 23:33 <DIR> d-------- C:\Program Files\Dell
2008-05-20 23:33 . 2008-05-20 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-05-20 23:32 . 2008-05-20 23:32 <DIR> d-------- C:\Program Files\CyberLink
2008-05-20 23:32 . 2008-05-20 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-20 23:32 . 2007-03-02 12:33 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-20 23:32 . 2007-03-02 12:33 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-05-20 23:32 . 2007-03-02 12:33 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-20 23:32 . 2007-03-02 12:33 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-20 23:32 . 2007-03-02 12:33 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-20 23:32 . 2008-05-30 07:42 427 --a------ C:\WINDOWS\wininit.ini
2008-05-20 23:31 . 2008-05-27 15:02 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-20 23:31 . 2008-05-20 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-20 23:31 . 2004-08-04 03:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-20 23:31 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-20 23:28 . 2008-05-20 23:28 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-20 23:27 . 2008-05-20 23:27 <DIR> d-------- C:\Program Files\Dell SAS RAID Storage Manager
2008-05-20 23:26 . 2008-05-27 15:00 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 23:25 . 2008-05-20 23:25 <DIR> d-------- C:\WINDOWS\system32\ENU
2008-05-20 23:25 . 2008-05-28 15:31 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-20 23:25 . 2008-05-20 23:25 <DIR> d-------- C:\Program Files\Intel
2008-05-20 23:25 . 2008-05-28 08:10 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 23:25 . 2008-05-20 23:25 <DIR> d-------- C:\Program Files\Broadcom
2008-05-20 23:25 . 2008-05-20 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-20 23:25 . 2007-10-18 13:51 126,976 --a------ C:\WINDOWS\system32\Imsmudlg.exe
2008-05-20 23:25 . 2006-03-16 17:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-05-20 23:23 . 2008-05-28 13:35 <DIR> d-------- C:\Program Files\Java
2008-05-20 23:23 . 2008-05-20 23:23 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-20 23:23 . 2007-07-06 05:46 660,992 --------- C:\WINDOWS\system32\dllcache\mqqm.dll
2008-05-20 23:23 . 2007-07-06 05:46 471,552 --------- C:\WINDOWS\system32\dllcache\mqutil.dll
2008-05-20 23:23 . 2007-12-18 02:51 179,584 --------- C:\WINDOWS\system32\dllcache\mrxdav.sys
2008-05-20 23:23 . 2007-07-06 05:46 177,152 --------- C:\WINDOWS\system32\dllcache\mqrt.dll
2008-05-20 23:23 . 2007-07-06 05:46 138,240 --------- C:\WINDOWS\system32\dllcache\mqad.dll
2008-05-20 23:23 . 2007-07-06 05:46 95,744 --------- C:\WINDOWS\system32\dllcache\mqsec.dll
2008-05-20 23:23 . 2007-07-06 03:05 72,960 --------- C:\WINDOWS\system32\dllcache\mqac.sys
2008-05-20 23:23 . 2007-07-06 05:46 48,640 --------- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2008-05-20 23:23 . 2007-07-06 05:46 47,104 --------- C:\WINDOWS\system32\dllcache\mqdscli.dll
2008-05-20 23:23 . 2007-07-06 05:46 16,896 --------- C:\WINDOWS\system32\dllcache\mqise.dll
2008-05-20 23:22 . 2008-05-20 23:22 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-20 23:22 . 2007-10-29 15:43 1,287,680 --------- C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-20 23:22 . 2007-06-13 03:23 1,033,216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2008-05-20 23:22 . 2007-07-09 06:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-20 23:22 . 2007-04-23 03:32 364,160 --------- C:\WINDOWS\system32\dllcache\update.sys
2008-05-20 23:22 . 2007-05-03 03:27 78,720 --------- C:\WINDOWS\system32\dllcache\sdbus.sys
2008-05-20 23:22 . 2007-05-03 03:03 12,032 --------- C:\WINDOWS\system32\dllcache\sffdisk.sys
2008-05-20 23:22 . 2007-05-03 03:03 11,008 --------- C:\WINDOWS\system32\dllcache\sffp_sd.sys
2008-05-20 23:22 . 2007-05-03 03:03 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-05-20 23:22 . 2007-05-03 03:03 10,240 --------- C:\WINDOWS\system32\dllcache\sffp_mmc.sys
2008-05-20 23:20 . 2007-10-25 20:36 8,454,656 --------- C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-20 23:19 . 2008-02-16 01:59 1,494,528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-05-20 23:18 . 2008-05-28 07:19 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-20 23:18 . 2007-11-07 02:26 721,920 --------- C:\WINDOWS\system32\dllcache\lsasrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 13:06 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-01 13:06 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-01 13:06 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-01 13:06 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-01 13:06 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-01 13:06 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-26 11:59 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-26 11:59 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 08:59 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 08:59 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 08:59 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 08:59 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 13:44 178712]
"Popup"="C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2007-07-20 14:53 77922]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-09-18 17:48 1015808]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-13 16:31 8523776]

C:\Documents and Settings\KP.RTD\Start Menu\Programs\Startup\
Shortcut to Pitaschio.exe.lnk - C:\Mod\pita212\Pitaschio.exe [2008-05-28 12:44:25 90112]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcbf44e8d]
C:\WINDOWS\system32\ujxcppkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"BMcbf44e8d"=Rundll32.exe "C:\WINDOWS\system32\ujxcppkg.dll",s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 21:42:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 14:41:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-05-30 14:44:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 21:44:30

Pre-Run: 728,732,069,888 bytes free
Post-Run: 728,639,188,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

259

keeper22
2008-06-03, 00:31
System seems to be working fine, but I would like to know if I need to perform any further clean up.

steamwiz
2008-06-03, 16:34
Hi

Your logs are fine :)

Just a couple of orphan registry keys to remove...

Open Notepad and copy/paste the text in the code box below into it.
NOTE: make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also...

Pay particular attention to this:

Make sure the word Registry:: is on the first line of the text file you save (no blank line above it, and no space in front of it).


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcbf44e8d]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BMcbf44e8d"=-


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

steam
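For a reader who wants to check a CFScript before dropping it onto ComboFix, here is a small parser that applies the rules from the post above (the Registry:: directive exactly on the first line, no blank line, BOM or space before it) and reports which keys and values the script asks ComboFix to delete. This is an added example and not part of the thread or of ComboFix itself; it assumes the Registry:: section follows REGEDIT4 conventions, in which "[-KEY]" deletes a whole key and a line of the form "name"=- deletes one value under the most recent "[KEY]" header. The two sample scripts embedded in it are constructed: the first is the script posted above as Notepad would save it, the second shows the blank-line mistake the post warns about.

```python
"""Dry-run validator for the Registry:: section of a ComboFix CFScript.

Added example, not code from the forum thread or from ComboFix. Assumes the
REGEDIT4-style conventions: '[-KEY]' deletes a key, '[KEY]' opens a key, and
'"name"=-' deletes a value under the most recently opened key.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the script posted in the thread, saved with a trailing
# newline and no byte-order mark, as Notepad does for a plain-text file.
GOOD_SCRIPT = (
    "Registry::\n"
    "[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BMcbf44e8d]\n"
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run-]\n"
    '"BMcbf44e8d"=-\n'
)

# Constructed sample of the mistake the helper warns about: a blank line and a
# leading space before the directive (hypothetical key path).
BAD_SCRIPT = "\n Registry::\n[-HKEY_LOCAL_MACHINE\\software\\example]\n"

HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")       # [KEY] or [-KEY]
VALUE_DELETE_RE = re.compile(r'^"([^"]+)"=-$')   # "name"=-


@dataclass
class Plan:
    """What the script would do, plus any reasons it should not be run."""
    errors: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)   # (key, value name)

    @property
    def ok(self) -> bool:
        return not self.errors


def parse_cfscript_registry(text: str) -> Plan:
    """Check the first-line rule, then walk the REGEDIT4-style body."""
    plan = Plan()
    lines = text.splitlines()
    first = lines[0] if lines else ""
    if first != "Registry::":
        # Explain the most common ways the first line goes wrong.
        if first.startswith("\ufeff"):
            plan.errors.append("file starts with a UTF-8 BOM; save as plain ANSI text")
        elif first.strip() == "Registry::":
            plan.errors.append("'Registry::' has whitespace around it")
        elif first == "":
            plan.errors.append("blank line before 'Registry::'")
        else:
            plan.errors.append(f"first line is {first!r}, expected 'Registry::'")
        return plan

    current_key = None
    for lineno, line in enumerate(lines[1:], start=2):
        if not line.strip():
            continue  # blank lines inside the body are harmless
        m = KEY_RE.match(line)
        if m:
            delete, key = m.group(1) == "-", m.group(2)
            if key.split("\\", 1)[0].upper() not in HIVES:
                plan.errors.append(f"line {lineno}: unknown hive in {key!r}")
                continue
            if delete:
                plan.delete_keys.append(key)
                current_key = None  # nothing can be addressed under a deleted key
            else:
                current_key = key
            continue
        m = VALUE_DELETE_RE.match(line)
        if m:
            if current_key is None:
                plan.errors.append(f"line {lineno}: value deletion with no open [KEY] header")
            else:
                plan.delete_values.append((current_key, m.group(1)))
            continue
        plan.errors.append(f"line {lineno}: unrecognised line {line!r}")
    return plan


def describe(plan: Plan) -> list:
    """Human-readable summary of the plan, one line per action or error."""
    out = [f"ERROR: {e}" for e in plan.errors]
    out += [f"delete key   {k}" for k in plan.delete_keys]
    out += [f"delete value '{n}' under {k}" for k, n in plan.delete_values]
    return out


if __name__ == "__main__":
    for label, script in (("good", GOOD_SCRIPT), ("bad", BAD_SCRIPT)):
        print(f"--- {label} script ---")
        print("\n".join(describe(parse_cfscript_registry(script))))
```

Running it prints one "delete key" and one "delete value" line for the posted script and a single error for the constructed bad one; the parser deliberately stops at the first-line check, because ComboFix treats anything before Registry:: as not being a registry section at all.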

keeper22
2008-06-03, 17:04
It did not ask for a reboot, so here are the logs.

---------------------------------------
*** ComboFix Log ***
---------------------------------------

ComboFix 08-05-29.1 - KP 2008-06-03 7:55:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2428 [GMT -7:00]
Running from: C:\Documents and Settings\KP.RTD\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KP.RTD\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-02 14:07 . 2008-06-02 14:07 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\SolidWorks 2008
2008-06-02 14:04 . 2008-06-02 14:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-02 14:00 . 2008-06-02 15:00 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\SolidWorks
2008-06-02 13:45 . 2008-06-02 13:45 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\DWGeditor
2008-06-02 13:36 . 2008-06-02 13:36 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-06-02 13:30 . 2008-06-02 13:30 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-02 13:30 . 2006-09-20 04:40 1,286,656 --------- C:\WINDOWS\system32\dllcache\ole32.dll
2008-06-02 13:30 . 2006-09-20 04:40 399,360 --------- C:\WINDOWS\system32\dllcache\rpcss.dll
2008-06-02 13:30 . 2008-06-02 13:30 23 --ah----- C:\WINDOWS\yacht.xws
2008-06-02 13:24 . 2008-06-02 13:49 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-06-02 13:23 . 2008-06-03 07:06 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-06-02 13:23 . 2008-06-02 13:48 <DIR> d-------- C:\Program Files\SolidWorks
2008-06-02 13:23 . 2008-06-02 13:49 <DIR> d-------- C:\Program Files\Common Files\eDrawings2008
2008-06-02 13:23 . 2008-06-02 13:23 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-02 13:23 . 2008-06-02 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SolidWorks
2008-06-02 13:22 . 2006-09-15 05:36 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-06-02 13:22 . 2006-09-15 05:36 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-06-02 13:22 . 2006-09-15 05:36 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-06-02 13:18 . 2008-06-02 13:18 <DIR> d-------- C:\Program Files\MSECache
2008-06-02 13:18 . 2008-06-02 13:18 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-02 13:15 . 2008-06-02 13:15 <DIR> d-------- C:\Program Files\MSBuild
2008-06-02 13:13 . 2008-06-02 13:13 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-02 13:13 . 2008-06-02 13:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-02 13:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-02 13:12 . 2008-06-03 07:04 1,891 --a------ C:\WINDOWS\imsins.BAK
2008-06-02 10:42 . 2008-06-02 14:08 <DIR> d-------- C:\SolidWorks Data
2008-06-02 10:38 . 2008-06-02 10:40 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Installation Manager
2008-06-02 10:31 . 2008-06-02 13:09 <DIR> d-------- C:\WINDOWS\SolidWorks
2008-06-02 10:30 . 2008-06-03 07:07 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\IM
2008-06-02 09:59 . 2008-06-02 09:59 218,624 --a------ C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-06-02 09:44 . 2008-06-02 09:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-02 09:23 . 2008-06-02 09:23 <DIR> d-------- C:\Documents and Settings\Kevin
2008-05-30 14:14 . 2008-05-30 14:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 14:14 . 2008-05-30 14:14 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\Malwarebytes
2008-05-30 14:14 . 2008-05-30 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-30 14:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-30 14:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-30 14:11 . 2008-05-30 14:49 <DIR> d-------- C:\Program Files\SpywareGuard
2008-05-30 14:09 . 2008-05-30 14:09 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-30 13:50 . 2008-05-30 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-30 13:36 . 2008-05-30 14:07 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-30 13:36 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-30 10:15 . 2008-05-30 10:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 10:15 . 2008-05-30 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 13:30 . 2006-02-20 22:27 81,987 --a------ C:\WINDOWS\system32\AUCPLMNT.DLL
2008-05-29 13:27 . 2008-05-29 13:30 <DIR> d-a------ C:\Program Files\Canon
2008-05-29 10:15 . 2008-05-29 10:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-29 10:15 . 2008-05-29 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-29 07:54 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-29 07:44 . 2008-05-29 07:44 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 16:13 . 2008-05-28 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-28 15:55 . 2008-05-28 15:55 <DIR> d-------- C:\Program Files\Bonjour
2008-05-28 15:55 . 2008-05-28 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-28 15:48 . 2008-05-28 15:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-28 15:22 . 2008-05-30 11:42 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\OpenOffice.org2
2008-05-28 15:08 . 2008-05-28 17:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-28 14:44 . 2008-05-28 14:44 <DIR> d-------- C:\Program Files\7-Zip
2008-05-28 14:31 . 2008-05-28 14:31 <DIR> d-------- C:\Program Files\Google Hacks
2008-05-28 13:35 . 2008-05-28 13:35 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-28 13:14 . 2008-05-28 13:21 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\FileZilla
2008-05-28 13:12 . 2008-05-28 13:12 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-05-28 12:49 . 2008-05-28 12:49 <DIR> d-------- C:\Program Files\RocketDock
2008-05-28 12:44 . 2008-06-02 10:03 <DIR> d-------- C:\Mod
2008-05-28 12:23 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-05-28 12:23 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-05-28 11:47 . 2008-06-02 14:39 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-05-28 11:47 . 2008-05-28 11:47 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\Thunderbird
2008-05-28 08:20 . 2005-09-28 14:24 2,164,411 --a------ C:\WINDOWS\system32\haspds_windows.dll
2008-05-28 08:20 . 2001-09-28 19:00 164,864 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-05-28 08:20 . 2005-06-21 12:10 24,576 --a------ C:\WINDOWS\system32\hdsuinst.exe
2008-05-28 08:10 . 2006-11-22 10:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-05-28 08:10 . 2006-11-22 10:01 327,168 --a------ C:\WINDOWS\system32\drivers\akshasp.sys
2008-05-28 08:10 . 2006-10-16 19:35 104,576 --a------ C:\WINDOWS\system32\drivers\aksclass.sys
2008-05-28 08:10 . 2006-11-22 10:01 100,096 --a------ C:\WINDOWS\system32\drivers\aksusb.sys
2008-05-28 08:10 . 2006-10-16 19:35 7,168 --a------ C:\WINDOWS\system32\akscoinst.dll
2008-05-28 08:09 . 2008-05-28 08:09 <DIR> d-------- C:\Program Files\Common Files\WinMain
2008-05-28 08:09 . 2008-05-28 08:09 <DIR> d-------- C:\Program Files\Codejock Software
2008-05-28 08:08 . 2008-05-28 08:11 <DIR> d-------- C:\mcamx
2008-05-28 08:04 . 2008-05-28 08:04 4,128 --a------ C:\INFCACHE.1
2008-05-28 07:56 . 2008-05-28 07:56 <DIR> d-------- C:\Program Files\Common Files\SYSPRO
2008-05-28 07:54 . 2008-05-28 07:56 <DIR> d-------- C:\SYSPRO60
2008-05-28 07:52 . 2008-05-28 07:52 <DIR> d-------- C:\Program Files\Common Files\Business Objects
2008-05-28 07:52 . 2008-05-28 07:52 <DIR> d-------- C:\Program Files\Business Objects
2008-05-28 07:44 . 2008-05-28 07:44 <DIR> d-------- C:\Downloads
2008-05-28 07:39 . 2008-05-28 07:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-28 07:24 . 2008-05-28 07:39 <DIR> d-------- C:\Program Files\ESET
2008-05-28 07:16 . 2008-05-20 23:25 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\InstallShield
2008-05-28 07:16 . 2008-06-03 07:05 <DIR> d-------- C:\Documents and Settings\KP.RTD
2008-05-27 15:25 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-05-27 15:17 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 15:09 . 2008-05-27 15:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 15:05 . 2008-05-27 15:05 <DIR> d---s---- C:\Documents and Settings\KP\UserData
2008-05-27 15:05 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-27 15:05 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-27 15:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-27 15:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-27 15:05 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-27 14:55 . 2008-05-29 07:18 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 14:53 . 2008-05-20 23:25 <DIR> d-------- C:\Documents and Settings\KP\Application Data\InstallShield
2008-05-27 14:53 . 2008-05-27 15:05 <DIR> d-------- C:\Documents and Settings\KP
2008-05-27 14:46 . 2004-08-03 20:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-27 14:46 . 2001-08-17 11:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-27 14:46 . 2001-08-17 12:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-27 14:46 . 2008-05-27 14:46 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-20 23:36 . 2008-05-20 23:36 61 --a------ C:\WINDOWS\smscfg.ini
2008-05-20 23:33 . 2008-05-28 12:58 <DIR> d-------- C:\Program Files\Google
2008-05-20 23:33 . 2008-05-20 23:33 <DIR> d-------- C:\Program Files\Dell
2008-05-20 23:33 . 2008-05-20 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-05-20 23:32 . 2008-05-20 23:32 <DIR> d-------- C:\Program Files\CyberLink
2008-05-20 23:32 . 2008-05-20 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-20 23:32 . 2007-03-02 12:33 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-20 23:32 . 2007-03-02 12:33 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-05-20 23:32 . 2007-03-02 12:33 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-20 23:32 . 2007-03-02 12:33 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-20 23:32 . 2007-03-02 12:33 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-20 23:32 . 2008-05-30 07:42 427 --a------ C:\WINDOWS\wininit.ini
2008-05-20 23:31 . 2008-05-27 15:02 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-20 23:31 . 2008-05-20 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-20 23:31 . 2004-08-04 03:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-20 23:31 . 2007-01-03 11:21 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-20 23:28 . 2008-05-20 23:28 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-20 23:27 . 2008-05-20 23:27 <DIR> d-------- C:\Program Files\Dell SAS RAID Storage Manager
2008-05-20 23:26 . 2008-05-27 15:00 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 23:25 . 2008-05-20 23:25 <DIR> d-------- C:\WINDOWS\system32\ENU
2008-05-20 23:25 . 2008-05-28 15:31 <DIR> d-------- C:\WINDOWS\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 16:59 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-30_14.44.16.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-02 20:18:21 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-06-02 20:18:20 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-06-02 20:18:16 461,616 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2008-06-02 20:18:19 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-06-02 20:18:16 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-06-02 20:18:19 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-06-02 20:18:21 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-06-02 20:18:17 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-06-02 20:18:19 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2008-06-02 20:13:06 151,552 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-06-02 20:13:37 3,915,776 ----a-w C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2008-06-02 20:13:39 344,064 ----a-w C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2008-06-02 20:13:05 352,256 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2008-06-02 20:13:36 593,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2008-06-02 20:13:36 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2008-06-02 20:13:39 184,320 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2008-06-02 20:13:39 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2008-06-02 20:13:39 376,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2008-06-02 20:13:39 151,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2008-06-02 20:13:38 4,972,544 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2008-06-02 20:13:38 897,024 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2008-06-02 20:13:39 528,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2008-06-02 20:13:07 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2008-06-02 20:13:07 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2008-06-02 20:13:07 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2008-06-02 20:13:07 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2008-06-02 20:13:07 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2008-06-02 20:13:10 159,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2008-06-02 20:13:10 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2008-06-02 20:13:08 5,623,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2008-06-02 20:13:40 688,128 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2008-06-02 20:15:03 1,108,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2008-06-02 20:15:03 1,641,272 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2008-06-02 20:15:03 588,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2008-06-02 20:13:39 163,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2008-06-02 20:13:39 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2008-06-02 20:13:39 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2008-06-02 20:13:38 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2008-06-02 20:13:36 1,167,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2008-06-02 20:13:40 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-06-03 14:41:05 503,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\373d5acced35e392e1f413a69042340d\ComSvcConfig.ni.exe
+ 2008-06-03 14:41:07 1,114,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\019a85babfbe02cecdbb63a65d391aba\Microsoft.Transactions.Bridge.ni.dll
+ 2008-06-03 14:41:08 401,408 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cb8d7b6cc6827e9f2d66c4d7ef9b5d54\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-06-02 20:14:02 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-06-03 14:41:17 1,564,672 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\41bd82648d480ec304ea0c04034787bc\PresentationBuildTasks.ni.dll
+ 2008-06-02 20:14:21 40,448 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\9385f2c37b2e00e06ec3f57153f63a2d\PresentationCFFRasterizer.ni.dll
+ 2008-06-02 20:14:20 11,980,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\7e413273e9d6710be8a39dcce2e45c2c\PresentationCore.ni.dll
+ 2008-06-02 20:14:50 48,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\599806acdd6dc0aeed19ebf9d622dcad\PresentationFontCache.ni.exe
+ 2008-06-02 20:14:48 552,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0766df362854f0330a4a45179773657e\PresentationFramework.Luna.ni.dll
+ 2008-06-02 20:14:48 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8aaa2b56f733902cc1ba9d8300d2a0e3\PresentationFramework.Royale.ni.dll
+ 2008-06-02 20:14:47 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d87c2740add3b0f86833159ce57c71ec\PresentationFramework.Classic.ni.dll
+ 2008-06-02 20:14:39 14,659,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\de20226274a5739a4b42d8e26b546180\PresentationFramework.ni.dll
+ 2008-06-02 20:14:49 393,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e389aa7f3dd4eb1ee585724f130a79cb\PresentationFramework.Aero.ni.dll
+ 2008-06-02 20:14:41 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\f97ac4e9c402e98d2b5b7114e4fbbd2a\PresentationUI.ni.dll
+ 2008-06-02 20:14:44 2,416,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\1fe0f79dd0d47e4d1eb474f98a1949fb\ReachFramework.ni.dll
+ 2008-06-03 14:41:08 139,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\0bcc4abbe0c5c3feeda7f711304ac4a0\ServiceModelReg.ni.exe
+ 2008-06-03 14:41:09 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\5e3765ee346151c26a3793ddf3a8d6d7\SMDiagnostics.ni.dll
+ 2008-06-03 14:41:10 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\c6f33f28f5bb403981ac148da447e3c5\SMSvcHost.ni.exe
+ 2008-06-03 14:41:23 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\6a075eb8e0f13de87d1278aa8562d51e\sysglobl.ni.dll
+ 2008-06-02 20:14:06 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2008-06-02 20:14:06 1,183,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-06-02 20:14:02 2,756,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-06-03 14:40:39 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\dd8f551c39409fa95b0c22cf2ee48b65\System.IdentityModel.Selectors.ni.dll
+ 2008-06-03 14:40:38 978,944 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\581d8571e61ebe24154ae912624c3c9d\System.IdentityModel.ni.dll
+ 2008-06-03 14:40:40 417,792 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\86cd41998dc72b213d9464b56fe245b9\System.IO.Log.ni.dll
+ 2008-06-02 20:15:17 655,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\00e3750e478bac4913ee7a6c3b7cd392\System.Messaging.ni.dll
+ 2008-06-02 20:14:45 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\690a965457e274ad13f6b1f9ac2bad4e\System.Printing.ni.dll
+ 2008-06-02 20:14:04 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2008-06-02 20:14:04 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-06-03 14:40:43 2,351,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c4838d300f677f34c9d44ead84b8603b\System.Runtime.Serialization.ni.dll
+ 2008-06-03 14:41:04 17,354,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7a2bc3302a133e235ec99193c56a0571\System.ServiceModel.ni.dll
+ 2008-06-03 14:41:22 2,039,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\d38908d5c6a11dd7dceaf9bd34adb437\System.Speech.ni.dll
+ 2008-06-02 20:15:09 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\5e0df5685ce40f838eea52a5f1454b68\System.Workflow.Activities.ni.dll
+ 2008-06-02 20:15:14 4,587,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\2689e361e42d0bb9e3d19f1ecd30c26a\System.Workflow.ComponentModel.ni.dll
+ 2008-06-02 20:15:16 2,093,056 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\41b6c3a0c115c43c53697efa1607fe49\System.Workflow.Runtime.ni.dll
+ 2008-06-03 14:41:26 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f61803ded1c123ed9ed5849e7dcebf25\UIAutomationClient.ni.dll
+ 2008-06-03 14:41:27 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\679889309b57024e8abbe80c6c7d48bc\UIAutomationClientsideProviders.ni.dll
+ 2008-06-02 20:14:20 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9865738a916ad3664dd374582b9ea873\UIAutomationProvider.ni.dll
+ 2008-06-02 20:14:21 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\71605ce631809dcbfba38842fdf59acf\UIAutomationTypes.ni.dll
+ 2008-06-02 20:13:59 3,260,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\50652bfd061ead84841e6c9bfffacfb1\WindowsBase.ni.dll
+ 2008-06-03 14:41:29 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\2c96738a6ba8ff9e88889f331590e181\WindowsFormsIntegration.ni.dll
+ 2008-06-03 14:41:11 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\02436080d129210828823210ce879fd8\WsatConfig.ni.exe
- 2008-05-30 21:39:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 14:07:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-06 01:22:34 22,752 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-03-06 01:22:59 716,000 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\updspapi.dll
+ 2007-08-14 01:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2008-06-02 20:45:19 61,440 ----a-r C:\WINDOWS\Installer\{0AC7DF16-E500-40C0-91C5-563616063037}\ARPPRODUCTICON.exe
+ 2008-06-02 20:45:19 61,440 ----a-r C:\WINDOWS\Installer\{0AC7DF16-E500-40C0-91C5-563616063037}\DWGEditor_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2008-06-02 20:45:19 61,440 ----a-r C:\WINDOWS\Installer\{0AC7DF16-E500-40C0-91C5-563616063037}\DWGEditor1_C1A7EF455E1B4799AB173C52D9FB3A0E.exe
+ 2008-06-02 20:45:19 61,440 ----a-r C:\WINDOWS\Installer\{0AC7DF16-E500-40C0-91C5-563616063037}\DWGEditorEnNo_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2008-06-02 20:45:19 61,440 ----a-r C:\WINDOWS\Installer\{0AC7DF16-E500-40C0-91C5-563616063037}\DWGEditorEnNo1_C1A7EF455E1B4799AB173C52D9FB3A0E.exe
+ 2008-06-02 20:18:25 217,864 ----a-r C:\WINDOWS\Installer\{90120000-00A4-0409-0000-0000000FF1CE}\misc.exe
+ 2008-06-02 20:36:35 91,648 ----a-r C:\WINDOWS\Installer\{E69411C0-8D66-4F9C-B6D6-9ED2FB89D0E4}\eModelViewer.exe
+ 2008-06-02 20:36:35 19,790 ----a-r C:\WINDOWS\Installer\{E69411C0-8D66-4F9C-B6D6-9ED2FB89D0E4}\eModelViewer1.exe
+ 2008-06-02 20:30:04 65,536 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\CopyOptWiz.exe
+ 2008-06-02 20:30:04 65,536 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\i386_SldRx.exe
+ 2008-06-02 20:30:04 65,536 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\i386_SldRxexeSDK_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2008-06-02 20:30:04 65,536 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\i386_SldRxexeSE_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2008-06-02 20:30:04 61,440 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\i386_SldWorks.exe
+ 2008-06-02 20:30:04 61,440 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\SldConverter.exe
+ 2008-06-02 20:30:04 40,960 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\swlmwizard.exe
+ 2008-06-02 20:30:04 61,440 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\swScheduler.exe
+ 2008-06-02 20:40:39 19,790 ----a-r C:\WINDOWS\Installer\{F2AA5A35-33F1-49F4-848B-33CD86F0D647}\ARPPRODUCTICON.exe
+ 2008-06-02 20:40:39 61,440 ----a-r C:\WINDOWS\Installer\{F2AA5A35-33F1-49F4-848B-33CD86F0D647}\NewShortcut4_9D476422816D4D9D9C5BF92FD1B36102.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\ARPPRODUCTICON.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut1.11CCDA48_0F59_4209_ACA1_FCDB865558EA.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut1.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut2.11CCDA48_0F59_4209_ACA1_FCDB865558EA.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut2.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut3.11CCDA48_0F59_4209_ACA1_FCDB865558EA.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut3_2723AB6ADE8640EEAA77EC7E47C4DF34.exe
+ 2006-10-30 11:06:24 74,012 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat
+ 2006-10-30 10:25:56 99,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe
+ 2006-10-30 06:15:06 220,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll
+ 2006-10-30 06:17:56 1,054,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll
+ 2006-10-30 06:14:26 163,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll
+ 2006-10-30 10:25:54 194,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe
+ 2006-10-30 10:25:56 167,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe
+ 2006-10-30 10:25:56 365,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
+ 2006-10-30 10:17:12 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll
+ 2006-10-30 10:17:30 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll
+ 2006-10-30 10:17:36 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll
+ 2006-10-30 10:17:44 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll
+ 2006-10-30 10:17:50 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll
+ 2006-10-30 10:17:56 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll
+ 2006-10-30 10:18:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll
+ 2006-10-30 10:18:16 91,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll
+ 2006-10-30 10:18:22 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll
+ 2006-10-30 10:18:30 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll
+ 2006-10-30 10:18:36 88,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll
+ 2006-10-30 10:18:42 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll
+ 2006-10-30 10:18:48 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll
+ 2006-10-30 10:18:56 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll
+ 2006-10-30 10:19:02 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll
+ 2006-10-30 10:19:08 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll
+ 2006-10-30 10:19:14 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll
+ 2006-10-30 10:19:28 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll
+ 2006-10-30 10:19:34 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll
+ 2006-10-30 10:19:42 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll
+ 2006-10-30 10:17:24 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll
+ 2006-10-30 10:19:22 90,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll
+ 2006-10-30 10:18:02 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll
+ 2006-10-30 06:15:20 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll
+ 2006-10-30 06:15:22 1,621,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll
+ 2006-10-30 06:16:52 1,139,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll
+ 2006-10-30 06:18:26 590,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll
+ 2006-10-30 06:20:20 541,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll
+ 2006-10-30 06:18:12 816,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll
+ 2006-10-30 10:17:14 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll
+ 2006-10-30 10:17:30 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll
+ 2006-10-30 10:17:38 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll
+ 2006-10-30 10:17:44 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll
+ 2006-10-30 10:17:50 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll
+ 2006-10-30 10:17:58 104,448 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll
+ 2006-10-30 10:18:10 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll
+ 2006-10-30 10:18:16 103,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll
+ 2006-10-30 10:18:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll
+ 2006-10-30 10:18:30 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll
+ 2006-10-30 10:18:36 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll
+ 2006-10-30 10:18:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll
+ 2006-10-30 10:18:50 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll
+ 2006-10-30 10:18:56 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll
+ 2006-10-30 10:19:02 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll
+ 2006-10-30 10:19:08 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll
+ 2006-10-30 10:19:16 99,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll
+ 2006-10-30 10:19:28 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll
+ 2006-10-30 10:19:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll
+ 2006-10-30 10:19:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll
+ 2006-10-30 10:17:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll
+ 2006-10-30 10:19:22 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll
+ 2006-10-30 10:18:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll
+ 2006-10-30 06:18:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll
+ 2006-10-30 06:19:30 1,103,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll
+ 2006-10-30 10:34:02 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2006-10-30 10:33:58 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-06-02 20:12:58 626,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe
+ 2008-06-02 20:12:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll
+ 2006-10-30 10:34:00 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2006-10-30 10:34:00 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2006-10-30 10:34:02 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-10-30 10:34:02 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2006-10-30 10:34:02 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2006-10-30 10:34:00 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2006-10-30 10:34:02 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2006-10-30 10:34:02 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2006-10-30 10:34:02 5,623,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2006-10-30 10:34:00 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2006-10-30 10:34:00 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2006-10-30 10:34:02 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2006-07-26 04:32:00 14,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2006-10-20 23:08:52 797,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2006-10-20 23:09:02 4,874,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2006-10-20 21:03:40 2,628,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2006-10-21 04:29:46 72,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2006-10-21 04:21:24 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2006-10-21 04:21:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2006-10-21 04:29:52 106,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2006-10-21 04:21:26 897,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2006-10-21 04:21:26 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Glossy1\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Glossy2\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Glossy2C\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\normalcolor\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Smooth1\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Smooth1C\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Smooth2\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Smooth2C\Shellstyle.dll
+ 2006-08-29 20:39:54 747,008 ----a-w C:\WINDOWS\Resources\Themes\Pristine\Shell\Blue2\Shellstyle.dll
+ 2006-08-29 20:39:54 747,008 ----a-w C:\WINDOWS\Resources\Themes\Pristine\Shell\Blue22\Shellstyle.dll
+ 2006-08-29 20:39:54 747,008 ----a-w C:\WINDOWS\Resources\Themes\Pristine\Shell\Blue3\Shellstyle.dll
+ 2006-08-29 20:39:54 747,008 ----a-w C:\WINDOWS\Resources\Themes\Pristine\Shell\NormalColor\Shellstyle.dll
+ 2008-02-29 12:12:16 487,424 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\chinese-simplified\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:22 122,880 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\chinese-simplified\sldIMresu.dll
+ 2008-02-29 12:12:14 487,424 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\chinese\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:22 126,976 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\chinese\sldIMresu.dll
+ 2008-02-29 12:12:22 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\czech\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:36 200,704 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\czech\sldIMresu.dll
+ 2008-02-29 12:12:16 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\english\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:24 196,608 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\english\sldIMresu.dll
+ 2008-02-29 12:12:16 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\french\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:26 221,184 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\french\sldIMresu.dll
+ 2008-02-29 12:12:18 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\german\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:26 225,280 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\german\sldIMresu.dll
+ 2008-02-29 12:12:18 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\italian\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:28 212,992 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\italian\sldIMresu.dll
+ 2008-02-29 12:12:18 487,424 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\japanese\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:30 159,744 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\japanese\sldIMresu.dll
+ 2008-02-29 12:12:22 487,424 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\korean\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:34 143,360 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\korean\sldIMresu.dll
+ 2008-02-29 12:12:20 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\polish\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:30 208,896 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\polish\sldIMresu.dll
+ 2008-02-29 12:12:22 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\portuguese-brazilian\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:38 212,992 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\portuguese-brazilian\sldIMresu.dll
+ 2008-02-29 12:12:20 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\russian\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:32 208,896 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\russian\sldIMresu.dll
+ 2008-02-29 12:12:20 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\spanish\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:34 221,184 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\spanish\sldIMresu.dll
+ 2008-02-29 20:09:26 83,736 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\regval.exe
+ 2008-02-29 20:09:26 767,256 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\sldadminoptioneditor.exe
+ 2008-02-29 20:09:24 6,767,896 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\sldIM.exe
- 2007-08-14 01:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-14 01:39:00 123,904 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-14 01:35:46 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-14 01:35:38 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-14 01:54:10 131,584 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2006-10-14 23:43:18 27,648 ------w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
- 2007-08-14 01:39:06 54,784 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-14 01:39:26 152,064 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-14 01:39:54 229,376 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-14 00:56:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-14 01:39:50 382,976 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-14 01:39:10 43,008 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-14 01:43:56 622,080 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-14 01:54:10 27,136 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-14 01:54:12 3,578,368 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-02 01:36:30 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-14 01:54:10 475,648 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-14 01:44:26 192,000 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-14 01:54:10 670,720 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-14 01:44:06 101,376 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-14 01:36:12 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2006-10-14 23:44:44 671,744 ------w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
- 2007-08-14 01:44:30 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-14 01:54:10 1,162,240 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-14 01:54:10 765,952 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-08-14 01:54:10 231,424 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-14 01:54:10 818,688 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2006-10-15 03:21:58 580,352 ------w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
+ 2006-10-15 03:22:00 1,698,048 ------w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
+ 2007-04-14 21:10:40 113,536 -c--a-w C:\WINDOWS\system32\DRVSTORE\PhysX32_AF7F37E9A9915C11C74CCDC4D0974682050F02B7\physX32.sys
- 2007-08-14 01:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-14 01:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2006-10-21 04:29:46 69,408 ----a-w C:\WINDOWS\system32\dxva2.dll
+ 2006-10-21 04:30:00 478,496 ----a-w C:\WINDOWS\system32\evr.dll
- 2007-08-14 01:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 1999-04-06 16:55:22 1,109,264 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 1999-04-06 16:55:24 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-05-29 13:37:34 1,408,896 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-02 20:57:01 1,426,792 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2006-10-30 10:33:58 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
- 2007-08-14 01:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-10-30 10:33:58 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
- 2007-08-14 01:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-14 01:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-14 01:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-14 00:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-02-12 23:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 19:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-14 01:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-14 01:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-14 01:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-14 01:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-14 01:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2006-10-30 10:33:58 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
- 2007-08-14 01:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2002-01-05 11:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2002-01-05 11:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
+ 2006-10-21 04:30:06 1,980,704 ----a-w C:\WINDOWS\system32\milcore.dll
- 2004-08-04 10:00:00 18,944 ----a-w C:\WINDOWS\system32\mimefilt.dll
+ 2006-09-15 12:36:32 29,696 ----a-w C:\WINDOWS\system32\mimefilt.dll
- 2007-08-14 01:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-14 01:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-14 01:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-02 01:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-14 01:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-14 01:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2000-04-04 00:52:52 94,208 ----a-w C:\WINDOWS\system32\msstkprp.dll
- 2007-08-14 01:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2002-01-05 10:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2003-04-18 23:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2003-04-18 23:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
- 2004-08-04 10:00:00 103,936 ----a-w C:\WINDOWS\system32\nlhtml.dll
+ 2006-09-15 12:36:32 98,304 ----a-w C:\WINDOWS\system32\nlhtml.dll
- 2007-08-14 01:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2004-08-04 10:00:00 120,832 ----a-w C:\WINDOWS\system32\offfilt.dll
+ 2006-09-15 12:36:32 192,000 ----a-w C:\WINDOWS\system32\offfilt.dll
- 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2006-09-20 11:40:23 1,286,656 ----a-w C:\WINDOWS\system32\ole32.dll
- 2008-05-28 17:47:57 64,200 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-03 14:04:35 71,980 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-28 17:47:57 407,670 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-03 14:04:35 442,966 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-24 19:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll
+ 2007-08-10 15:45:34 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
- 2007-08-14 01:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2006-10-21 04:29:52 104,224 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-21 04:29:58 344,352 ----a-w C:\WINDOWS\system32\PresentationHost.exe
+ 2006-10-21 04:29:46 20,768 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
+ 2006-10-21 04:30:02 769,312 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2006-10-14 23:43:38 124,416 ------w C:\WINDOWS\system32\prntvpt.dll
+ 2006-08-24 23:15:06 150,808 ----a-w C:\WINDOWS\system32\rgb9rast_2.dll
- 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2006-09-20 11:40:23 399,360 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 1999-04-06 16:55:30 15,872 ----a-w C:\WINDOWS\system32\SCP32.DLL
- 2008-03-20 21:41:20 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-01-03 18:21:06 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-14 23:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-10-14 23:42:40 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2006-10-14 23:42:18 376,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2006-10-14 23:42:28 510,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2006-10-14 23:40:36 619,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2006-10-15 03:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-10-14 23:43:18 27,648 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2006-10-14 23:44:44 671,744 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2006-10-15 00:13:02 34,304 ----a-w C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2006-10-15 00:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2006-10-15 03:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2006-10-15 00:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2006-10-15 03:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2006-10-14 23:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2006-10-15 03:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2006-10-14 23:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2006-10-15 03:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2006-10-21 04:29:54 159,008 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
- 2007-08-14 01:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-14 01:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 1999-04-06 16:55:32 40,960 ----a-w C:\WINDOWS\system32\VBAME.DLL
- 2007-08-14 01:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2006-10-24 19:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll
+ 2006-10-24 19:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll
- 2007-08-14 01:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-10-24 19:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll
+ 2001-10-29 15:44:36 397,856 ----a-w C:\WINDOWS\system32\XceedZip.dll
+ 2006-10-15 03:21:58 580,352 ------w C:\WINDOWS\system32\XPSSHHDR.dll
+ 2006-10-15 03:22:00 1,698,048 ------w C:\WINDOWS\system32\XpsSvcs.dll
+ 2006-10-21 04:29:54 304,928 ----a-w C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
+ 2007-08-22 02:46:34 59,160 ----a-w C:\WINDOWS\system32\zlib.dll
+ 2008-06-02 20:27:24 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-06-02 20:27:25 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 13:44 178712]
"Popup"="C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2007-07-20 14:53 77922]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-09-18 17:48 1015808]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-13 16:31 8523776]
"SolidWorks_CheckForUpdates"="C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-02-29 13:09 6767896]

C:\Documents and Settings\KP.RTD\Start Menu\Programs\Startup\
Shortcut to Pitaschio.exe.lnk - C:\Mod\pita212\Pitaschio.exe [2008-05-28 12:44:25 90112]
SolidWorks Task Scheduler Engine.lnk - C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-02-29 07:08:22 488728]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoUserNameInStartMenu"= 01000000

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 14:10:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 07:57:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-03 7:58:39
ComboFix-quarantined-files.txt 2008-06-03 14:58:32
ComboFix2.txt 2008-05-30 21:44:33

Pre-Run: 720,155,189,248 bytes free
Post-Run: 720,376,569,856 bytes free

636 --- E O F --- 2008-06-02 14:03:21

keeper22
2008-06-03, 17:04
---------------------------------------
*** Hijack This Log ***
---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:00, on 2008-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Mod\pita212\Pitaschio.exe
C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\KP.RTD\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080521
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080521
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Shortcut to Pitaschio.exe.lnk = C:\Mod\pita212\Pitaschio.exe
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211925922437
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9144E09-E65B-4526-8350-54BACC882463}: NameServer = 205.1.1.1,206.13.29.12
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 8515 bytes

steamwiz
2008-06-03, 22:20
Hi

Looking good :)

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK

http://img.photobucket.com/albums/v624/29wood/Clipboard01-1.gif

Then please run & post a new KASPERSKY ONLINE SCANNER REPORT

& I should be able to give you the "all clear"

steam

keeper22
2008-06-04, 00:45
--------------------------------
*** KAS Log ***
--------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-06-03 15:36
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/06/2008
Kaspersky Anti-Virus database records: 826461
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
P:\
U:\

Scan Statistics:
Total number of scanned objects: 156596
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:55:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05302008-140949.log Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\IM\sldIMSchedulerLog_20080-40301-1100_00004.txt Object is locked skipped
C:\Documents and Settings\KP.RTD\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\History\History.IE5\MSHist012008060320080604\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temp\Perflib_Perfdata_470.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0002\~efe2.tmp Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temp\~DFE203.tmp Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temp\~DFE895.tmp Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\KP.RTD\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Dell SAS RAID Storage Manager\Framework\start.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9F14F2D9-251E-4A80-B2D2-089E0734F430}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hlktmp Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\556 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

steamwiz
2008-06-04, 01:35
Hi

Excellent :)

that's what I like to see :-

Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0

Before you leave the site ...

Please have a look here at ways to keep your computer safe :-

So how did I get infected in the first place? By TonyKlein > http://forums.spybot.info/showthread.php?t=279

Happy surfing

steam

keeper22
2008-06-04, 02:20
Steam-

Thank you so much for all your hard work. I really appreciate it.

Thanks again.

steamwiz
2008-06-04, 20:13
Hi

You're very welcome :)

As this thread is resolved, :) it is now locked.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam