Another Virtumonde Problem

keeper22

Got caught up with Virtumonde.dll. Please help.

-----------------------------------------
*** Kas Log ***
-----------------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 12:35:40 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/05/2008
Kaspersky Anti-Virus database records: 814999
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
P:\

Scan Statistics:
Total number of scanned objects: 145393
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:36:22

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\iifecbYQ.dll Infected: Trojan-Downloader.Win32.Agent.plb skipped
C:\WINDOWS\system32\pmnnKAsR.dll Infected: Trojan-Downloader.Win32.Agent.plb skipped

Scan process completed.


-----------------------------------------
*** HJT Log ***
-----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:57 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Mod\pita212\Pitaschio.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KP.RTD\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080521
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080521
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080521
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BMcbf44e8d] Rundll32.exe "C:\WINDOWS\system32\ujxcppkg.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Shortcut to Pitaschio.exe.lnk = C:\Mod\pita212\Pitaschio.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211925922437
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9144E09-E65B-4526-8350-54BACC882463}: NameServer = 205.1.1.1,206.13.29.12
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7553 bytes
 
Hi

Please download Malwarebytes' Anti-Malware from here:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

or here:

http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
 
Thank you for the help, steam,

---------------------------------------
mbam log
---------------------------------------

Malwarebytes' Anti-Malware 1.14
Database version: 805

2:21:05 PM 5/30/2008
mbam-log-5-30-2008 (14-21-05).txt

Scan type: Quick Scan
Objects scanned: 36122
Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hgGwVoMe.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifecbYQ.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e51b7849-610f-4144-bb37-0b29248427cd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e51b7849-610f-4144-bb37-0b29248427cd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifecbyq (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcbf44e8d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwvome -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ujxcppkg.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pmnnKAsR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwVoMe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iifecbYQ.dll (Trojan.Vundo) -> Delete on reboot.


---------------------------------------
ComboFix log
---------------------------------------

ComboFix 08-05-29.1 - KP 2008-05-30 14:36:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2604 [GMT -7:00]
Running from: C:\Documents and Settings\KP.RTD\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KP.RTD\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMcbf44e8d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\eMoVwGgh.ini
C:\WINDOWS\system32\eMoVwGgh.ini2
C:\WINDOWS\system32\gdtfgjmr.dll
C:\WINDOWS\system32\houbnxbq.dll
C:\WINDOWS\system32\HPorBJlm.ini
C:\WINDOWS\system32\HPorBJlm.ini2
C:\WINDOWS\system32\hwyyjjgn.ini
C:\WINDOWS\system32\iskoxhxj.dll
C:\WINDOWS\system32\isscjbsw.ini
C:\WINDOWS\system32\qbxnbuoh.ini
C:\WINDOWS\system32\vlgrggku.dll
C:\WINDOWS\system32\VxELmnnn.ini
C:\WINDOWS\system32\VxELmnnn.ini2
C:\WINDOWS\system32\wsbjcssi.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-30 14:14 . 2008-05-30 14:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 14:14 . 2008-05-30 14:14 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\Malwarebytes
2008-05-30 14:14 . 2008-05-30 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-30 14:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-30 14:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-30 14:11 . 2008-05-30 14:12 <DIR> d-------- C:\Program Files\SpywareGuard
2008-05-30 14:09 . 2008-05-30 14:09 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-30 13:50 . 2008-05-30 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-30 13:36 . 2008-05-30 14:07 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-30 13:36 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-30 10:15 . 2008-05-30 10:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 10:15 . 2008-05-30 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 13:30 . 2006-02-20 22:27 81,987 --a------ C:\WINDOWS\system32\AUCPLMNT.DLL
2008-05-29 13:27 . 2008-05-29 13:30 <DIR> d-a------ C:\Program Files\Canon
2008-05-29 10:15 . 2008-05-29 10:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-29 10:15 . 2008-05-29 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-29 07:54 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-29 07:44 . 2008-05-29 07:44 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 16:13 . 2008-05-28 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-28 15:55 . 2008-05-28 15:55 <DIR> d-------- C:\Program Files\Bonjour
2008-05-28 15:55 . 2008-05-28 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-28 15:48 . 2008-05-28 15:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-28 15:22 . 2008-05-30 11:42 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\OpenOffice.org2
2008-05-28 15:08 . 2008-05-28 17:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-28 14:44 . 2008-05-28 14:44 <DIR> d-------- C:\Program Files\7-Zip
2008-05-28 14:31 . 2008-05-28 14:31 <DIR> d-------- C:\Program Files\Google Hacks
2008-05-28 13:35 . 2008-05-28 13:35 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-28 13:14 . 2008-05-28 13:21 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\FileZilla
2008-05-28 13:12 . 2008-05-28 13:12 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-05-28 12:49 . 2008-05-28 12:49 <DIR> d-------- C:\Program Files\RocketDock
2008-05-28 12:44 . 2008-05-28 12:44 <DIR> d-------- C:\Mod
2008-05-28 12:23 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-05-28 12:23 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-05-28 11:47 . 2008-05-28 11:48 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-05-28 11:47 . 2008-05-28 11:47 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\Thunderbird
2008-05-28 08:20 . 2005-09-28 14:24 2,164,411 --a------ C:\WINDOWS\system32\haspds_windows.dll
2008-05-28 08:20 . 2001-09-28 19:00 164,864 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-05-28 08:20 . 2005-06-21 12:10 24,576 --a------ C:\WINDOWS\system32\hdsuinst.exe
2008-05-28 08:10 . 2006-11-22 10:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-05-28 08:10 . 2006-11-22 10:01 327,168 --a------ C:\WINDOWS\system32\drivers\akshasp.sys
2008-05-28 08:10 . 2006-10-16 19:35 104,576 --a------ C:\WINDOWS\system32\drivers\aksclass.sys
2008-05-28 08:10 . 2006-11-22 10:01 100,096 --a------ C:\WINDOWS\system32\drivers\aksusb.sys
2008-05-28 08:10 . 2006-10-16 19:35 7,168 --a------ C:\WINDOWS\system32\akscoinst.dll
2008-05-28 08:09 . 2008-05-28 08:09 <DIR> d-------- C:\Program Files\Common Files\WinMain
2008-05-28 08:09 . 2008-05-28 08:09 <DIR> d-------- C:\Program Files\Codejock Software
2008-05-28 08:08 . 2008-05-28 08:11 <DIR> d-------- C:\mcamx
2008-05-28 08:04 . 2008-05-28 08:04 4,128 --a------ C:\INFCACHE.1
2008-05-28 07:56 . 2008-05-28 07:56 <DIR> d-------- C:\Program Files\Common Files\SYSPRO
2008-05-28 07:54 . 2008-05-28 07:56 <DIR> d-------- C:\SYSPRO60
2008-05-28 07:52 . 2008-05-28 07:52 <DIR> d-------- C:\Program Files\Common Files\Business Objects
2008-05-28 07:52 . 2008-05-28 07:52 <DIR> d-------- C:\Program Files\Business Objects
2008-05-28 07:44 . 2008-05-28 07:44 <DIR> d-------- C:\Downloads
2008-05-28 07:39 . 2008-05-28 07:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-28 07:24 . 2008-05-28 07:39 <DIR> d-------- C:\Program Files\ESET
2008-05-28 07:16 . 2008-05-20 23:25 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\InstallShield
2008-05-28 07:16 . 2008-05-30 14:21 <DIR> d-------- C:\Documents and Settings\KP.RTD
2008-05-27 15:25 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-05-27 15:17 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 15:09 . 2008-05-27 15:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 15:05 . 2008-05-27 15:05 <DIR> d---s---- C:\Documents and Settings\KP\UserData
2008-05-27 15:05 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-27 15:05 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-27 15:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-27 15:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-27 15:05 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-27 14:55 . 2008-05-29 07:18 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 14:53 . 2008-05-20 23:25 <DIR> d-------- C:\Documents and Settings\KP\Application Data\InstallShield
2008-05-27 14:53 . 2008-05-27 15:05 <DIR> d-------- C:\Documents and Settings\KP
2008-05-27 14:46 . 2004-08-03 20:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-27 14:46 . 2001-08-17 11:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-27 14:46 . 2001-08-17 12:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-27 14:46 . 2008-05-27 14:46 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-20 23:36 . 2008-05-20 23:36 61 --a------ C:\WINDOWS\smscfg.ini
2008-05-20 23:33 . 2008-05-28 12:58 <DIR> d-------- C:\Program Files\Google
2008-05-20 23:33 . 2008-05-20 23:33 <DIR> d-------- C:\Program Files\Dell
2008-05-20 23:33 . 2008-05-20 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-05-20 23:32 . 2008-05-20 23:32 <DIR> d-------- C:\Program Files\CyberLink
2008-05-20 23:32 . 2008-05-20 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-20 23:32 . 2007-03-02 12:33 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-20 23:32 . 2007-03-02 12:33 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-05-20 23:32 . 2007-03-02 12:33 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-20 23:32 . 2007-03-02 12:33 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-20 23:32 . 2007-03-02 12:33 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-20 23:32 . 2008-05-30 07:42 427 --a------ C:\WINDOWS\wininit.ini
2008-05-20 23:31 . 2008-05-27 15:02 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-20 23:31 . 2008-05-20 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-20 23:31 . 2004-08-04 03:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-20 23:31 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-20 23:28 . 2008-05-20 23:28 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-20 23:27 . 2008-05-20 23:27 <DIR> d-------- C:\Program Files\Dell SAS RAID Storage Manager
2008-05-20 23:26 . 2008-05-27 15:00 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 23:25 . 2008-05-20 23:25 <DIR> d-------- C:\WINDOWS\system32\ENU
2008-05-20 23:25 . 2008-05-28 15:31 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-20 23:25 . 2008-05-20 23:25 <DIR> d-------- C:\Program Files\Intel
2008-05-20 23:25 . 2008-05-28 08:10 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 23:25 . 2008-05-20 23:25 <DIR> d-------- C:\Program Files\Broadcom
2008-05-20 23:25 . 2008-05-20 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-20 23:25 . 2007-10-18 13:51 126,976 --a------ C:\WINDOWS\system32\Imsmudlg.exe
2008-05-20 23:25 . 2006-03-16 17:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-05-20 23:23 . 2008-05-28 13:35 <DIR> d-------- C:\Program Files\Java
2008-05-20 23:23 . 2008-05-20 23:23 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-20 23:23 . 2007-07-06 05:46 660,992 --------- C:\WINDOWS\system32\dllcache\mqqm.dll
2008-05-20 23:23 . 2007-07-06 05:46 471,552 --------- C:\WINDOWS\system32\dllcache\mqutil.dll
2008-05-20 23:23 . 2007-12-18 02:51 179,584 --------- C:\WINDOWS\system32\dllcache\mrxdav.sys
2008-05-20 23:23 . 2007-07-06 05:46 177,152 --------- C:\WINDOWS\system32\dllcache\mqrt.dll
2008-05-20 23:23 . 2007-07-06 05:46 138,240 --------- C:\WINDOWS\system32\dllcache\mqad.dll
2008-05-20 23:23 . 2007-07-06 05:46 95,744 --------- C:\WINDOWS\system32\dllcache\mqsec.dll
2008-05-20 23:23 . 2007-07-06 03:05 72,960 --------- C:\WINDOWS\system32\dllcache\mqac.sys
2008-05-20 23:23 . 2007-07-06 05:46 48,640 --------- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2008-05-20 23:23 . 2007-07-06 05:46 47,104 --------- C:\WINDOWS\system32\dllcache\mqdscli.dll
2008-05-20 23:23 . 2007-07-06 05:46 16,896 --------- C:\WINDOWS\system32\dllcache\mqise.dll
2008-05-20 23:22 . 2008-05-20 23:22 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-20 23:22 . 2007-10-29 15:43 1,287,680 --------- C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-20 23:22 . 2007-06-13 03:23 1,033,216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2008-05-20 23:22 . 2007-07-09 06:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-20 23:22 . 2007-04-23 03:32 364,160 --------- C:\WINDOWS\system32\dllcache\update.sys
2008-05-20 23:22 . 2007-05-03 03:27 78,720 --------- C:\WINDOWS\system32\dllcache\sdbus.sys
2008-05-20 23:22 . 2007-05-03 03:03 12,032 --------- C:\WINDOWS\system32\dllcache\sffdisk.sys
2008-05-20 23:22 . 2007-05-03 03:03 11,008 --------- C:\WINDOWS\system32\dllcache\sffp_sd.sys
2008-05-20 23:22 . 2007-05-03 03:03 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-05-20 23:22 . 2007-05-03 03:03 10,240 --------- C:\WINDOWS\system32\dllcache\sffp_mmc.sys
2008-05-20 23:20 . 2007-10-25 20:36 8,454,656 --------- C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-20 23:19 . 2008-02-16 01:59 1,494,528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-05-20 23:18 . 2008-05-28 07:19 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-20 23:18 . 2007-11-07 02:26 721,920 --------- C:\WINDOWS\system32\dllcache\lsasrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 13:06 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-01 13:06 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-01 13:06 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-01 13:06 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-01 13:06 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-01 13:06 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-26 11:59 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-26 11:59 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 08:59 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 08:59 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 08:59 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 08:59 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 13:44 178712]
"Popup"="C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2007-07-20 14:53 77922]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-09-18 17:48 1015808]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-13 16:31 8523776]

C:\Documents and Settings\KP.RTD\Start Menu\Programs\Startup\
Shortcut to Pitaschio.exe.lnk - C:\Mod\pita212\Pitaschio.exe [2008-05-28 12:44:25 90112]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcbf44e8d]
C:\WINDOWS\system32\ujxcppkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"BMcbf44e8d"=Rundll32.exe "C:\WINDOWS\system32\ujxcppkg.dll",s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 21:42:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 14:41:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-05-30 14:44:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 21:44:30

Pre-Run: 728,732,069,888 bytes free
Post-Run: 728,639,188,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

259
 
Hi

Your logs are fine :)

just a couple of orphan registry keys to remove ....

Open notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word Registry:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcbf44e8d]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BMcbf44e8d"=-

Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

steam
 
It did not ask for a reboot so here are the logs

---------------------------------------
*** ComboFix Log ***
---------------------------------------

ComboFix 08-05-29.1 - KP 2008-06-03 7:55:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2428 [GMT -7:00]
Running from: C:\Documents and Settings\KP.RTD\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KP.RTD\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-02 14:07 . 2008-06-02 14:07 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\SolidWorks 2008
2008-06-02 14:04 . 2008-06-02 14:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-02 14:00 . 2008-06-02 15:00 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\SolidWorks
2008-06-02 13:45 . 2008-06-02 13:45 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\DWGeditor
2008-06-02 13:36 . 2008-06-02 13:36 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-06-02 13:30 . 2008-06-02 13:30 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-02 13:30 . 2006-09-20 04:40 1,286,656 --------- C:\WINDOWS\system32\dllcache\ole32.dll
2008-06-02 13:30 . 2006-09-20 04:40 399,360 --------- C:\WINDOWS\system32\dllcache\rpcss.dll
2008-06-02 13:30 . 2008-06-02 13:30 23 --ah----- C:\WINDOWS\yacht.xws
2008-06-02 13:24 . 2008-06-02 13:49 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-06-02 13:23 . 2008-06-03 07:06 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-06-02 13:23 . 2008-06-02 13:48 <DIR> d-------- C:\Program Files\SolidWorks
2008-06-02 13:23 . 2008-06-02 13:49 <DIR> d-------- C:\Program Files\Common Files\eDrawings2008
2008-06-02 13:23 . 2008-06-02 13:23 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-02 13:23 . 2008-06-02 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SolidWorks
2008-06-02 13:22 . 2006-09-15 05:36 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-06-02 13:22 . 2006-09-15 05:36 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-06-02 13:22 . 2006-09-15 05:36 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-06-02 13:18 . 2008-06-02 13:18 <DIR> d-------- C:\Program Files\MSECache
2008-06-02 13:18 . 2008-06-02 13:18 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-02 13:15 . 2008-06-02 13:15 <DIR> d-------- C:\Program Files\MSBuild
2008-06-02 13:13 . 2008-06-02 13:13 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-02 13:13 . 2008-06-02 13:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-02 13:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-02 13:12 . 2008-06-03 07:04 1,891 --a------ C:\WINDOWS\imsins.BAK
2008-06-02 10:42 . 2008-06-02 14:08 <DIR> d-------- C:\SolidWorks Data
2008-06-02 10:38 . 2008-06-02 10:40 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Installation Manager
2008-06-02 10:31 . 2008-06-02 13:09 <DIR> d-------- C:\WINDOWS\SolidWorks
2008-06-02 10:30 . 2008-06-03 07:07 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\IM
2008-06-02 09:59 . 2008-06-02 09:59 218,624 --a------ C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-06-02 09:44 . 2008-06-02 09:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-02 09:23 . 2008-06-02 09:23 <DIR> d-------- C:\Documents and Settings\Kevin
2008-05-30 14:14 . 2008-05-30 14:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 14:14 . 2008-05-30 14:14 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\Malwarebytes
2008-05-30 14:14 . 2008-05-30 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-30 14:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-30 14:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-30 14:11 . 2008-05-30 14:49 <DIR> d-------- C:\Program Files\SpywareGuard
2008-05-30 14:09 . 2008-05-30 14:09 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-30 13:50 . 2008-05-30 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-30 13:36 . 2008-05-30 14:07 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-30 13:36 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-30 10:15 . 2008-05-30 10:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 10:15 . 2008-05-30 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 13:30 . 2006-02-20 22:27 81,987 --a------ C:\WINDOWS\system32\AUCPLMNT.DLL
2008-05-29 13:27 . 2008-05-29 13:30 <DIR> d-a------ C:\Program Files\Canon
2008-05-29 10:15 . 2008-05-29 10:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-29 10:15 . 2008-05-29 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-29 07:54 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-29 07:44 . 2008-05-29 07:44 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 16:13 . 2008-05-28 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-28 15:55 . 2008-05-28 15:55 <DIR> d-------- C:\Program Files\Bonjour
2008-05-28 15:55 . 2008-05-28 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-28 15:48 . 2008-05-28 15:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-28 15:22 . 2008-05-30 11:42 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\OpenOffice.org2
2008-05-28 15:08 . 2008-05-28 17:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-28 14:44 . 2008-05-28 14:44 <DIR> d-------- C:\Program Files\7-Zip
2008-05-28 14:31 . 2008-05-28 14:31 <DIR> d-------- C:\Program Files\Google Hacks
2008-05-28 13:35 . 2008-05-28 13:35 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-28 13:14 . 2008-05-28 13:21 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\FileZilla
2008-05-28 13:12 . 2008-05-28 13:12 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-05-28 12:49 . 2008-05-28 12:49 <DIR> d-------- C:\Program Files\RocketDock
2008-05-28 12:44 . 2008-06-02 10:03 <DIR> d-------- C:\Mod
2008-05-28 12:23 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-05-28 12:23 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-05-28 11:47 . 2008-06-02 14:39 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-05-28 11:47 . 2008-05-28 11:47 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\Thunderbird
2008-05-28 08:20 . 2005-09-28 14:24 2,164,411 --a------ C:\WINDOWS\system32\haspds_windows.dll
2008-05-28 08:20 . 2001-09-28 19:00 164,864 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-05-28 08:20 . 2005-06-21 12:10 24,576 --a------ C:\WINDOWS\system32\hdsuinst.exe
2008-05-28 08:10 . 2006-11-22 10:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-05-28 08:10 . 2006-11-22 10:01 327,168 --a------ C:\WINDOWS\system32\drivers\akshasp.sys
2008-05-28 08:10 . 2006-10-16 19:35 104,576 --a------ C:\WINDOWS\system32\drivers\aksclass.sys
2008-05-28 08:10 . 2006-11-22 10:01 100,096 --a------ C:\WINDOWS\system32\drivers\aksusb.sys
2008-05-28 08:10 . 2006-10-16 19:35 7,168 --a------ C:\WINDOWS\system32\akscoinst.dll
2008-05-28 08:09 . 2008-05-28 08:09 <DIR> d-------- C:\Program Files\Common Files\WinMain
2008-05-28 08:09 . 2008-05-28 08:09 <DIR> d-------- C:\Program Files\Codejock Software
2008-05-28 08:08 . 2008-05-28 08:11 <DIR> d-------- C:\mcamx
2008-05-28 08:04 . 2008-05-28 08:04 4,128 --a------ C:\INFCACHE.1
2008-05-28 07:56 . 2008-05-28 07:56 <DIR> d-------- C:\Program Files\Common Files\SYSPRO
2008-05-28 07:54 . 2008-05-28 07:56 <DIR> d-------- C:\SYSPRO60
2008-05-28 07:52 . 2008-05-28 07:52 <DIR> d-------- C:\Program Files\Common Files\Business Objects
2008-05-28 07:52 . 2008-05-28 07:52 <DIR> d-------- C:\Program Files\Business Objects
2008-05-28 07:44 . 2008-05-28 07:44 <DIR> d-------- C:\Downloads
2008-05-28 07:39 . 2008-05-28 07:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-28 07:24 . 2008-05-28 07:39 <DIR> d-------- C:\Program Files\ESET
2008-05-28 07:16 . 2008-05-20 23:25 <DIR> d-------- C:\Documents and Settings\KP.RTD\Application Data\InstallShield
2008-05-28 07:16 . 2008-06-03 07:05 <DIR> d-------- C:\Documents and Settings\KP.RTD
2008-05-27 15:25 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-05-27 15:17 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 15:09 . 2008-05-27 15:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 15:05 . 2008-05-27 15:05 <DIR> d---s---- C:\Documents and Settings\KP\UserData
2008-05-27 15:05 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-27 15:05 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-27 15:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-27 15:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-27 15:05 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-27 14:55 . 2008-05-29 07:18 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 14:53 . 2008-05-20 23:25 <DIR> d-------- C:\Documents and Settings\KP\Application Data\InstallShield
2008-05-27 14:53 . 2008-05-27 15:05 <DIR> d-------- C:\Documents and Settings\KP
2008-05-27 14:46 . 2004-08-03 20:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-27 14:46 . 2001-08-17 11:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-27 14:46 . 2001-08-17 12:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-27 14:46 . 2008-05-27 14:46 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-20 23:36 . 2008-05-20 23:36 61 --a------ C:\WINDOWS\smscfg.ini
2008-05-20 23:33 . 2008-05-28 12:58 <DIR> d-------- C:\Program Files\Google
2008-05-20 23:33 . 2008-05-20 23:33 <DIR> d-------- C:\Program Files\Dell
2008-05-20 23:33 . 2008-05-20 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-05-20 23:32 . 2008-05-20 23:32 <DIR> d-------- C:\Program Files\CyberLink
2008-05-20 23:32 . 2008-05-20 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-20 23:32 . 2007-03-02 12:33 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-20 23:32 . 2007-03-02 12:33 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-05-20 23:32 . 2007-03-02 12:33 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-20 23:32 . 2007-03-02 12:33 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-20 23:32 . 2007-03-02 12:33 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-20 23:32 . 2008-05-30 07:42 427 --a------ C:\WINDOWS\wininit.ini
2008-05-20 23:31 . 2008-05-27 15:02 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-20 23:31 . 2008-05-20 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-20 23:31 . 2004-08-04 03:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-20 23:31 . 2007-01-03 11:21 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-20 23:28 . 2008-05-20 23:28 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-20 23:27 . 2008-05-20 23:27 <DIR> d-------- C:\Program Files\Dell SAS RAID Storage Manager
2008-05-20 23:26 . 2008-05-27 15:00 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 23:25 . 2008-05-20 23:25 <DIR> d-------- C:\WINDOWS\system32\ENU
2008-05-20 23:25 . 2008-05-28 15:31 <DIR> d-------- C:\WINDOWS\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 16:59 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-30_14.44.16.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-02 20:18:21 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-06-02 20:18:20 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-06-02 20:18:16 461,616 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2008-06-02 20:18:19 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-06-02 20:18:16 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-06-02 20:18:19 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-06-02 20:18:21 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-06-02 20:18:17 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-06-02 20:18:19 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2008-06-02 20:13:06 151,552 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-06-02 20:13:37 3,915,776 ----a-w C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2008-06-02 20:13:39 344,064 ----a-w C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2008-06-02 20:13:05 352,256 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2008-06-02 20:13:36 593,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2008-06-02 20:13:36 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2008-06-02 20:13:39 184,320 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2008-06-02 20:13:39 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2008-06-02 20:13:39 376,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2008-06-02 20:13:39 151,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2008-06-02 20:13:38 4,972,544 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2008-06-02 20:13:38 897,024 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2008-06-02 20:13:39 528,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2008-06-02 20:13:07 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2008-06-02 20:13:07 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2008-06-02 20:13:07 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2008-06-02 20:13:07 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2008-06-02 20:13:07 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2008-06-02 20:13:10 159,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2008-06-02 20:13:10 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2008-06-02 20:13:08 5,623,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2008-06-02 20:13:40 688,128 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2008-06-02 20:15:03 1,108,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2008-06-02 20:15:03 1,641,272 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2008-06-02 20:15:03 588,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2008-06-02 20:13:39 163,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2008-06-02 20:13:39 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2008-06-02 20:13:39 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2008-06-02 20:13:38 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2008-06-02 20:13:36 1,167,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2008-06-02 20:13:40 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-06-03 14:41:05 503,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\373d5acced35e392e1f413a69042340d\ComSvcConfig.ni.exe
+ 2008-06-03 14:41:07 1,114,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\019a85babfbe02cecdbb63a65d391aba\Microsoft.Transactions.Bridge.ni.dll
+ 2008-06-03 14:41:08 401,408 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cb8d7b6cc6827e9f2d66c4d7ef9b5d54\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-06-02 20:14:02 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-06-03 14:41:17 1,564,672 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\41bd82648d480ec304ea0c04034787bc\PresentationBuildTasks.ni.dll
+ 2008-06-02 20:14:21 40,448 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\9385f2c37b2e00e06ec3f57153f63a2d\PresentationCFFRasterizer.ni.dll
+ 2008-06-02 20:14:20 11,980,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\7e413273e9d6710be8a39dcce2e45c2c\PresentationCore.ni.dll
+ 2008-06-02 20:14:50 48,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\599806acdd6dc0aeed19ebf9d622dcad\PresentationFontCache.ni.exe
+ 2008-06-02 20:14:48 552,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0766df362854f0330a4a45179773657e\PresentationFramework.Luna.ni.dll
+ 2008-06-02 20:14:48 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8aaa2b56f733902cc1ba9d8300d2a0e3\PresentationFramework.Royale.ni.dll
+ 2008-06-02 20:14:47 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d87c2740add3b0f86833159ce57c71ec\PresentationFramework.Classic.ni.dll
+ 2008-06-02 20:14:39 14,659,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\de20226274a5739a4b42d8e26b546180\PresentationFramework.ni.dll
+ 2008-06-02 20:14:49 393,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e389aa7f3dd4eb1ee585724f130a79cb\PresentationFramework.Aero.ni.dll
+ 2008-06-02 20:14:41 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\f97ac4e9c402e98d2b5b7114e4fbbd2a\PresentationUI.ni.dll
+ 2008-06-02 20:14:44 2,416,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\1fe0f79dd0d47e4d1eb474f98a1949fb\ReachFramework.ni.dll
+ 2008-06-03 14:41:08 139,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\0bcc4abbe0c5c3feeda7f711304ac4a0\ServiceModelReg.ni.exe
+ 2008-06-03 14:41:09 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\5e3765ee346151c26a3793ddf3a8d6d7\SMDiagnostics.ni.dll
+ 2008-06-03 14:41:10 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\c6f33f28f5bb403981ac148da447e3c5\SMSvcHost.ni.exe
+ 2008-06-03 14:41:23 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\6a075eb8e0f13de87d1278aa8562d51e\sysglobl.ni.dll
+ 2008-06-02 20:14:06 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2008-06-02 20:14:06 1,183,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-06-02 20:14:02 2,756,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-06-03 14:40:39 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\dd8f551c39409fa95b0c22cf2ee48b65\System.IdentityModel.Selectors.ni.dll
+ 2008-06-03 14:40:38 978,944 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\581d8571e61ebe24154ae912624c3c9d\System.IdentityModel.ni.dll
+ 2008-06-03 14:40:40 417,792 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\86cd41998dc72b213d9464b56fe245b9\System.IO.Log.ni.dll
+ 2008-06-02 20:15:17 655,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\00e3750e478bac4913ee7a6c3b7cd392\System.Messaging.ni.dll
+ 2008-06-02 20:14:45 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\690a965457e274ad13f6b1f9ac2bad4e\System.Printing.ni.dll
+ 2008-06-02 20:14:04 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2008-06-02 20:14:04 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-06-03 14:40:43 2,351,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c4838d300f677f34c9d44ead84b8603b\System.Runtime.Serialization.ni.dll
+ 2008-06-03 14:41:04 17,354,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7a2bc3302a133e235ec99193c56a0571\System.ServiceModel.ni.dll
+ 2008-06-03 14:41:22 2,039,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\d38908d5c6a11dd7dceaf9bd34adb437\System.Speech.ni.dll
+ 2008-06-02 20:15:09 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\5e0df5685ce40f838eea52a5f1454b68\System.Workflow.Activities.ni.dll
+ 2008-06-02 20:15:14 4,587,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\2689e361e42d0bb9e3d19f1ecd30c26a\System.Workflow.ComponentModel.ni.dll
+ 2008-06-02 20:15:16 2,093,056 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\41b6c3a0c115c43c53697efa1607fe49\System.Workflow.Runtime.ni.dll
+ 2008-06-03 14:41:26 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f61803ded1c123ed9ed5849e7dcebf25\UIAutomationClient.ni.dll
+ 2008-06-03 14:41:27 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\679889309b57024e8abbe80c6c7d48bc\UIAutomationClientsideProviders.ni.dll
+ 2008-06-02 20:14:20 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9865738a916ad3664dd374582b9ea873\UIAutomationProvider.ni.dll
+ 2008-06-02 20:14:21 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\71605ce631809dcbfba38842fdf59acf\UIAutomationTypes.ni.dll
+ 2008-06-02 20:13:59 3,260,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\50652bfd061ead84841e6c9bfffacfb1\WindowsBase.ni.dll
+ 2008-06-03 14:41:29 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\2c96738a6ba8ff9e88889f331590e181\WindowsFormsIntegration.ni.dll
+ 2008-06-03 14:41:11 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\02436080d129210828823210ce879fd8\WsatConfig.ni.exe
- 2008-05-30 21:39:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 14:07:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-06 01:22:34 22,752 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-03-06 01:22:59 716,000 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\updspapi.dll
+ 2007-08-14 01:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2008-06-02 20:45:19 61,440 ----a-r C:\WINDOWS\Installer\{0AC7DF16-E500-40C0-91C5-563616063037}\ARPPRODUCTICON.exe
+ 2008-06-02 20:45:19 61,440 ----a-r C:\WINDOWS\Installer\{0AC7DF16-E500-40C0-91C5-563616063037}\DWGEditor_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2008-06-02 20:45:19 61,440 ----a-r C:\WINDOWS\Installer\{0AC7DF16-E500-40C0-91C5-563616063037}\DWGEditor1_C1A7EF455E1B4799AB173C52D9FB3A0E.exe
+ 2008-06-02 20:45:19 61,440 ----a-r C:\WINDOWS\Installer\{0AC7DF16-E500-40C0-91C5-563616063037}\DWGEditorEnNo_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2008-06-02 20:45:19 61,440 ----a-r C:\WINDOWS\Installer\{0AC7DF16-E500-40C0-91C5-563616063037}\DWGEditorEnNo1_C1A7EF455E1B4799AB173C52D9FB3A0E.exe
+ 2008-06-02 20:18:25 217,864 ----a-r C:\WINDOWS\Installer\{90120000-00A4-0409-0000-0000000FF1CE}\misc.exe
+ 2008-06-02 20:36:35 91,648 ----a-r C:\WINDOWS\Installer\{E69411C0-8D66-4F9C-B6D6-9ED2FB89D0E4}\eModelViewer.exe
+ 2008-06-02 20:36:35 19,790 ----a-r C:\WINDOWS\Installer\{E69411C0-8D66-4F9C-B6D6-9ED2FB89D0E4}\eModelViewer1.exe
+ 2008-06-02 20:30:04 65,536 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\CopyOptWiz.exe
+ 2008-06-02 20:30:04 65,536 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\i386_SldRx.exe
+ 2008-06-02 20:30:04 65,536 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\i386_SldRxexeSDK_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2008-06-02 20:30:04 65,536 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\i386_SldRxexeSE_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2008-06-02 20:30:04 61,440 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\i386_SldWorks.exe
+ 2008-06-02 20:30:04 61,440 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\SldConverter.exe
+ 2008-06-02 20:30:04 40,960 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\swlmwizard.exe
+ 2008-06-02 20:30:04 61,440 ----a-r C:\WINDOWS\Installer\{F0CAAA28-B83C-4077-9FA0-6E30253E4842}\swScheduler.exe
+ 2008-06-02 20:40:39 19,790 ----a-r C:\WINDOWS\Installer\{F2AA5A35-33F1-49F4-848B-33CD86F0D647}\ARPPRODUCTICON.exe
+ 2008-06-02 20:40:39 61,440 ----a-r C:\WINDOWS\Installer\{F2AA5A35-33F1-49F4-848B-33CD86F0D647}\NewShortcut4_9D476422816D4D9D9C5BF92FD1B36102.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\ARPPRODUCTICON.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut1.11CCDA48_0F59_4209_ACA1_FCDB865558EA.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut1.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut2.11CCDA48_0F59_4209_ACA1_FCDB865558EA.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut2.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut3.11CCDA48_0F59_4209_ACA1_FCDB865558EA.exe
+ 2008-06-02 20:49:24 61,440 ----a-r C:\WINDOWS\Installer\{F3001614-FB0E-4533-ACB6-7842388DD92F}\NewShortcut3_2723AB6ADE8640EEAA77EC7E47C4DF34.exe
+ 2006-10-30 11:06:24 74,012 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat
+ 2006-10-30 10:25:56 99,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe
+ 2006-10-30 06:15:06 220,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll
+ 2006-10-30 06:17:56 1,054,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll
+ 2006-10-30 06:14:26 163,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll
+ 2006-10-30 10:25:54 194,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe
+ 2006-10-30 10:25:56 167,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe
+ 2006-10-30 10:25:56 365,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
+ 2006-10-30 10:17:12 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll
+ 2006-10-30 10:17:30 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll
+ 2006-10-30 10:17:36 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll
+ 2006-10-30 10:17:44 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll
+ 2006-10-30 10:17:50 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll
+ 2006-10-30 10:17:56 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll
+ 2006-10-30 10:18:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll
+ 2006-10-30 10:18:16 91,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll
+ 2006-10-30 10:18:22 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll
+ 2006-10-30 10:18:30 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll
+ 2006-10-30 10:18:36 88,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll
+ 2006-10-30 10:18:42 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll
+ 2006-10-30 10:18:48 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll
+ 2006-10-30 10:18:56 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll
+ 2006-10-30 10:19:02 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll
+ 2006-10-30 10:19:08 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll
+ 2006-10-30 10:19:14 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll
+ 2006-10-30 10:19:28 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll
+ 2006-10-30 10:19:34 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll
+ 2006-10-30 10:19:42 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll
+ 2006-10-30 10:17:24 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll
+ 2006-10-30 10:19:22 90,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll
+ 2006-10-30 10:18:02 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll
+ 2006-10-30 06:15:20 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll
+ 2006-10-30 06:15:22 1,621,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll
+ 2006-10-30 06:16:52 1,139,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll
+ 2006-10-30 06:18:26 590,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll
+ 2006-10-30 06:20:20 541,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll
+ 2006-10-30 06:18:12 816,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll
+ 2006-10-30 10:17:14 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll
+ 2006-10-30 10:17:30 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll
+ 2006-10-30 10:17:38 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll
+ 2006-10-30 10:17:44 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll
+ 2006-10-30 10:17:50 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll
+ 2006-10-30 10:17:58 104,448 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll
+ 2006-10-30 10:18:10 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll
+ 2006-10-30 10:18:16 103,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll
+ 2006-10-30 10:18:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll
+ 2006-10-30 10:18:30 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll
+ 2006-10-30 10:18:36 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll
+ 2006-10-30 10:18:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll
+ 2006-10-30 10:18:50 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll
+ 2006-10-30 10:18:56 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll
+ 2006-10-30 10:19:02 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll
+ 2006-10-30 10:19:08 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll
+ 2006-10-30 10:19:16 99,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll
+ 2006-10-30 10:19:28 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll
+ 2006-10-30 10:19:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll
+ 2006-10-30 10:19:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll
+ 2006-10-30 10:17:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll
+ 2006-10-30 10:19:22 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll
+ 2006-10-30 10:18:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll
+ 2006-10-30 06:18:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll
+ 2006-10-30 06:19:30 1,103,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll
+ 2006-10-30 10:34:02 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2006-10-30 10:33:58 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-06-02 20:12:58 626,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe
+ 2008-06-02 20:12:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll
+ 2006-10-30 10:34:00 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2006-10-30 10:34:00 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2006-10-30 10:34:02 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-10-30 10:34:02 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2006-10-30 10:34:02 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2006-10-30 10:34:00 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2006-10-30 10:34:02 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2006-10-30 10:34:02 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2006-10-30 10:34:02 5,623,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2006-10-30 10:34:00 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2006-10-30 10:34:00 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2006-10-30 10:34:02 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2006-07-26 04:32:00 14,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2006-10-20 23:08:52 797,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2006-10-20 23:09:02 4,874,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2006-10-20 21:03:40 2,628,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2006-10-21 04:29:46 72,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2006-10-21 04:21:24 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2006-10-21 04:21:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2006-10-21 04:29:52 106,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2006-10-21 04:21:26 897,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2006-10-21 04:21:26 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Glossy1\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Glossy2\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Glossy2C\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\normalcolor\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Smooth1\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Smooth1C\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Smooth2\Shellstyle.dll
+ 2008-01-19 17:51:25 44,032 ----a-w C:\WINDOWS\Resources\Themes\NiteXPm3\Shell\Smooth2C\Shellstyle.dll
+ 2006-08-29 20:39:54 747,008 ----a-w C:\WINDOWS\Resources\Themes\Pristine\Shell\Blue2\Shellstyle.dll
+ 2006-08-29 20:39:54 747,008 ----a-w C:\WINDOWS\Resources\Themes\Pristine\Shell\Blue22\Shellstyle.dll
+ 2006-08-29 20:39:54 747,008 ----a-w C:\WINDOWS\Resources\Themes\Pristine\Shell\Blue3\Shellstyle.dll
+ 2006-08-29 20:39:54 747,008 ----a-w C:\WINDOWS\Resources\Themes\Pristine\Shell\NormalColor\Shellstyle.dll
+ 2008-02-29 12:12:16 487,424 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\chinese-simplified\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:22 122,880 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\chinese-simplified\sldIMresu.dll
+ 2008-02-29 12:12:14 487,424 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\chinese\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:22 126,976 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\chinese\sldIMresu.dll
+ 2008-02-29 12:12:22 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\czech\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:36 200,704 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\czech\sldIMresu.dll
+ 2008-02-29 12:12:16 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\english\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:24 196,608 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\english\sldIMresu.dll
+ 2008-02-29 12:12:16 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\french\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:26 221,184 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\french\sldIMresu.dll
+ 2008-02-29 12:12:18 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\german\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:26 225,280 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\german\sldIMresu.dll
+ 2008-02-29 12:12:18 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\italian\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:28 212,992 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\italian\sldIMresu.dll
+ 2008-02-29 12:12:18 487,424 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\japanese\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:30 159,744 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\japanese\sldIMresu.dll
+ 2008-02-29 12:12:22 487,424 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\korean\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:34 143,360 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\korean\sldIMresu.dll
+ 2008-02-29 12:12:20 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\polish\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:30 208,896 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\polish\sldIMresu.dll
+ 2008-02-29 12:12:22 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\portuguese-brazilian\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:38 212,992 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\portuguese-brazilian\sldIMresu.dll
+ 2008-02-29 12:12:20 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\russian\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:32 208,896 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\russian\sldIMresu.dll
+ 2008-02-29 12:12:20 491,520 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\spanish\sldadminoptioneditorresu.dll
+ 2008-02-29 12:11:34 221,184 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\lang\spanish\sldIMresu.dll
+ 2008-02-29 20:09:26 83,736 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\regval.exe
+ 2008-02-29 20:09:26 767,256 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\sldadminoptioneditor.exe
+ 2008-02-29 20:09:24 6,767,896 ----a-w C:\WINDOWS\SolidWorks\IM_20080-40301-1100-200\sldim\sldIM.exe
- 2007-08-14 01:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-14 01:39:00 123,904 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-14 01:35:46 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-14 01:35:38 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-14 01:54:10 131,584 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2006-10-14 23:43:18 27,648 ------w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
- 2007-08-14 01:39:06 54,784 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-14 01:39:26 152,064 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-14 01:39:54 229,376 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-14 00:56:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-14 01:39:50 382,976 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-14 01:39:10 43,008 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-14 01:43:56 622,080 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-14 01:54:10 27,136 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-14 01:54:12 3,578,368 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-02 01:36:30 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-14 01:54:10 475,648 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-14 01:44:26 192,000 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-14 01:54:10 670,720 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-14 01:44:06 101,376 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-14 01:36:12 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2006-10-14 23:44:44 671,744 ------w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
- 2007-08-14 01:44:30 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-14 01:54:10 1,162,240 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-14 01:54:10 765,952 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-08-14 01:54:10 231,424 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-14 01:54:10 818,688 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2006-10-15 03:21:58 580,352 ------w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
+ 2006-10-15 03:22:00 1,698,048 ------w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
+ 2007-04-14 21:10:40 113,536 -c--a-w C:\WINDOWS\system32\DRVSTORE\PhysX32_AF7F37E9A9915C11C74CCDC4D0974682050F02B7\physX32.sys
- 2007-08-14 01:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-14 01:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2006-10-21 04:29:46 69,408 ----a-w C:\WINDOWS\system32\dxva2.dll
+ 2006-10-21 04:30:00 478,496 ----a-w C:\WINDOWS\system32\evr.dll
- 2007-08-14 01:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 1999-04-06 16:55:22 1,109,264 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 1999-04-06 16:55:24 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-05-29 13:37:34 1,408,896 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-02 20:57:01 1,426,792 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2006-10-30 10:33:58 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
- 2007-08-14 01:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-10-30 10:33:58 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
- 2007-08-14 01:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-14 01:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-14 01:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-14 00:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-02-12 23:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 19:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-14 01:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-14 01:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-14 01:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-14 01:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-14 01:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2006-10-30 10:33:58 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
- 2007-08-14 01:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2002-01-05 11:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2002-01-05 11:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
+ 2006-10-21 04:30:06 1,980,704 ----a-w C:\WINDOWS\system32\milcore.dll
- 2004-08-04 10:00:00 18,944 ----a-w C:\WINDOWS\system32\mimefilt.dll
+ 2006-09-15 12:36:32 29,696 ----a-w C:\WINDOWS\system32\mimefilt.dll
- 2007-08-14 01:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-14 01:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-14 01:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-02 01:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-14 01:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-14 01:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2000-04-04 00:52:52 94,208 ----a-w C:\WINDOWS\system32\msstkprp.dll
- 2007-08-14 01:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2002-01-05 10:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2003-04-18 23:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2003-04-18 23:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
- 2004-08-04 10:00:00 103,936 ----a-w C:\WINDOWS\system32\nlhtml.dll
+ 2006-09-15 12:36:32 98,304 ----a-w C:\WINDOWS\system32\nlhtml.dll
- 2007-08-14 01:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2004-08-04 10:00:00 120,832 ----a-w C:\WINDOWS\system32\offfilt.dll
+ 2006-09-15 12:36:32 192,000 ----a-w C:\WINDOWS\system32\offfilt.dll
- 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2006-09-20 11:40:23 1,286,656 ----a-w C:\WINDOWS\system32\ole32.dll
- 2008-05-28 17:47:57 64,200 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-03 14:04:35 71,980 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-28 17:47:57 407,670 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-03 14:04:35 442,966 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-24 19:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll
+ 2007-08-10 15:45:34 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
- 2007-08-14 01:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2006-10-21 04:29:52 104,224 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-21 04:29:58 344,352 ----a-w C:\WINDOWS\system32\PresentationHost.exe
+ 2006-10-21 04:29:46 20,768 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
+ 2006-10-21 04:30:02 769,312 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2006-10-14 23:43:38 124,416 ------w C:\WINDOWS\system32\prntvpt.dll
+ 2006-08-24 23:15:06 150,808 ----a-w C:\WINDOWS\system32\rgb9rast_2.dll
- 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2006-09-20 11:40:23 399,360 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 1999-04-06 16:55:30 15,872 ----a-w C:\WINDOWS\system32\SCP32.DLL
- 2008-03-20 21:41:20 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-01-03 18:21:06 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-14 23:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-10-14 23:42:40 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2006-10-14 23:42:18 376,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2006-10-14 23:42:28 510,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2006-10-14 23:40:36 619,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2006-10-15 03:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-10-14 23:43:18 27,648 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2006-10-14 23:44:44 671,744 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2006-10-15 00:13:02 34,304 ----a-w C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2006-10-15 00:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2006-10-15 03:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2006-10-15 00:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2006-10-15 03:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2006-10-14 23:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2006-10-15 03:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2006-10-14 23:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2006-10-15 03:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2006-10-21 04:29:54 159,008 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
- 2007-08-14 01:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-14 01:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 1999-04-06 16:55:32 40,960 ----a-w C:\WINDOWS\system32\VBAME.DLL
- 2007-08-14 01:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2006-10-24 19:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll
+ 2006-10-24 19:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll
- 2007-08-14 01:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-10-24 19:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll
+ 2001-10-29 15:44:36 397,856 ----a-w C:\WINDOWS\system32\XceedZip.dll
+ 2006-10-15 03:21:58 580,352 ------w C:\WINDOWS\system32\XPSSHHDR.dll
+ 2006-10-15 03:22:00 1,698,048 ------w C:\WINDOWS\system32\XpsSvcs.dll
+ 2006-10-21 04:29:54 304,928 ----a-w C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
+ 2007-08-22 02:46:34 59,160 ----a-w C:\WINDOWS\system32\zlib.dll
+ 2008-06-02 20:27:24 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-06-02 20:27:25 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 13:44 178712]
"Popup"="C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2007-07-20 14:53 77922]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-09-18 17:48 1015808]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-13 16:31 8523776]
"SolidWorks_CheckForUpdates"="C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-02-29 13:09 6767896]

C:\Documents and Settings\KP.RTD\Start Menu\Programs\Startup\
Shortcut to Pitaschio.exe.lnk - C:\Mod\pita212\Pitaschio.exe [2008-05-28 12:44:25 90112]
SolidWorks Task Scheduler Engine.lnk - C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-02-29 07:08:22 488728]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoUserNameInStartMenu"= 01000000

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 14:10:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 07:57:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-03 7:58:39
ComboFix-quarantined-files.txt 2008-06-03 14:58:32
ComboFix2.txt 2008-05-30 21:44:33

Pre-Run: 720,155,189,248 bytes free
Post-Run: 720,376,569,856 bytes free

636 --- E O F --- 2008-06-02 14:03:21
 
---------------------------------------
*** Hijack This Log ***
---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:00, on 2008-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Mod\pita212\Pitaschio.exe
C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\KP.RTD\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080521
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080521
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Shortcut to Pitaschio.exe.lnk = C:\Mod\pita212\Pitaschio.exe
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211925922437
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9144E09-E65B-4526-8350-54BACC882463}: NameServer = 205.1.1.1,206.13.29.12
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 8515 bytes
 
Hi

Looking good :)

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK


Then please run & post a new KASPERSKY ONLINE SCANNER REPORT

& I should be able to give you the "all clear"

steam
 
--------------------------------
*** KAS Log ***
--------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-06-03 15:36
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/06/2008
Kaspersky Anti-Virus database records: 826461
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
P:\
U:\

Scan Statistics:
Total number of scanned objects: 156596
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:55:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05302008-140949.log Object is locked skipped
C:\Documents and Settings\KP.RTD\Application Data\IM\sldIMSchedulerLog_20080-40301-1100_00004.txt Object is locked skipped
C:\Documents and Settings\KP.RTD\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\History\History.IE5\MSHist012008060320080604\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temp\Perflib_Perfdata_470.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0002\~efe2.tmp Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temp\~DFE203.tmp Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temp\~DFE895.tmp Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KP.RTD\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\KP.RTD\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Dell SAS RAID Storage Manager\Framework\start.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9F14F2D9-251E-4A80-B2D2-089E0734F430}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hlktmp Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\556 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Hi

Excellent :)

That's what I like to see :-

Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0

Before you leave the site ...

Please have a look here at ways to keep your computer safe :-

So how did I get infected in the first place? By TonyKlein > http://forums.spybot.info/showthread.php?t=279

Happy surfing

steam
 
Hi

You're very welcome :)

As this thread is resolved, :) it is now locked.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam
 