

Pop-ups, sluggish Computer, hid Norton Symbol. (found Check_lsa7)
#16
Posted 14 September 2007 - 06:39 AM

#17
Posted 14 September 2007 - 06:51 AM
- Hi
I was wondering if I should just re-format the computer?
No need for that; the infection is a bit stubborn, but it will go sooner or later.
I've noticed that pop-ups only happen when I'm on Internet Explorer. Just giving you some info.
OK, those pop-ups are related to the infection we are attempting to remove.
- Please try again to make an Uninstall List:
Make an Uninstall List
- To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and save the file to a convenient location. When you press Save, Notepad will open with the contents of that file.
Combofix
- Open Notepad, and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\gzmrot-uninst.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrotate.dll

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A3AD9DB-3B6F-44E0-ABD1-EFD08E959F47}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"=-
- Save this as "CFScript".
- Referring to the picture above, drag CFScript into ComboFix.exe.
- It will create a log. Post it here, along with the Uninstall List (if it worked), and a new HijackThis log.


#18
Posted 14 September 2007 - 07:40 AM
uninstall log
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adssite Browser Optimizer
AppCore
Apple Mobile Device Support
Apple Software Update
Armadillo Run Demo Version 1.0.5
AV
Battlefield 2 Demo
Blaze Audio VoiceSFX Trial
ccCommon
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
iTunes
Java 6 Update 2
Kaspersky Online Scanner
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
mIRC
MSRedist
MSXML 4.0 SP2 (KB936181)
Nero - Burning Rom
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
NVIDIA WDM Drivers
Paint.NET v3.10
PC Connectivity Solution
QuickTime
Realtek High Definition Audio Driver
Rightonadz Browser Optimizer
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SPBBC 32bit
Steam
Symantec KB-DocID:2003093015493306
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Ventrilo Client
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Xilisoft Video Converter
XpertVision 5.1
Combofix
ComboFix 07-09-10.6 - "Sachi Eapen" 2007-09-14 23:17:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1494 [GMT 10:00]
Command switches used :: C:\Documents and Settings\Sachi Eapen\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\qelbcscs.dll
C:\WINDOWS\system32\scscbleq.ini
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.
2007-09-13 07:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-13 07:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-12 22:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 20:00 <DIR> d-------- C:\Program Files\Paint.NET
2007-09-12 17:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-12 17:55 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-12 17:55 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-12 17:55 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-12 17:43 <DIR> d-------- C:\VundoFix Backups
2007-09-12 17:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-12 06:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-12 06:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-11 22:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-11 20:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-11 17:20 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-09-11 16:52 <DIR> d-------- C:\WINDOWS\pss
2007-09-11 16:26 <DIR> d-------- C:\Program Files\Google
2007-09-10 16:34 36,576 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-09-10 16:32 244,832 --------- C:\WINDOWS\system32\pmkjj.dll
2007-09-09 22:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\BitTorrent DNA
2007-09-09 21:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\WinRAR
2007-09-09 21:28 39,881 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-09 21:27 55,592 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-09-07 22:33 <DIR> d-------- C:\Program Files\Xilisoft
2007-09-07 21:25 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Nokia Multimedia Player
2007-09-07 21:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-09-07 21:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Nokia
2007-09-07 21:17 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-07 21:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-07 21:17 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-07 21:17 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-07 21:17 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-07 21:17 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-07 21:17 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-09-07 21:17 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-07 21:17 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-07 21:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-09-07 07:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-06 23:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Phone Browser
2007-09-06 23:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\PC Suite
2007-09-06 23:34 <DIR> d-------- C:\Program Files\Nokia
2007-09-05 22:37 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-09-05 22:37 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-09-05 22:37 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-05 22:37 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-01 11:39 <DIR> d-------- C:\Program Files\ahead
2007-08-31 13:07 <DIR> d-------- C:\Program Files\Armadillo Run Demo
2007-08-30 21:17 66 --a------ C:\WINDOWS\system32\MASHTWTY.SYS
2007-08-30 21:17 <DIR> d-------- C:\Program Files\Blaze Audio
2007-08-27 19:19 <DIR> d-------- C:\DOCUME~1\SACHIE~1\WINDOWS
2007-08-26 14:41 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-08-26 14:16 <DIR> d-------- C:\Program Files\Ventrilo
2007-08-26 14:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 14:16 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Ventrilo
2007-08-25 11:36 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-25 11:36 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-25 11:36 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-25 11:36 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-24 17:30 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Shared
2007-08-24 17:30 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\LimeWire
2007-08-22 16:53 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-08-22 16:53 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-08-21 21:50 61,440 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-08-20 18:59 <DIR> d-------- C:\Program Files\mIRC
2007-08-20 18:59 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\mIRC
2007-08-20 18:53 <DIR> d-------- C:\Program Files\Steam
2007-08-20 18:46 <DIR> d-------- C:\Program Files\iTunes
2007-08-20 18:46 <DIR> d-------- C:\Program Files\iPod
2007-08-20 18:46 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Apple Computer
2007-08-20 18:45 <DIR> d-------- C:\Program Files\QuickTime
2007-08-20 18:45 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-20 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-20 18:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-20 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-19 20:31 <DIR> d-------- C:\Program Files\EA GAMES
2007-08-17 17:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Contacts
2007-08-17 17:10 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-17 14:02 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
2007-08-17 13:26 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-17 13:18 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-17 13:18 <DIR> d-------- C:\WINDOWS\nview
2007-08-17 13:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-17 08:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-17 08:47 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-17 08:47 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-08-17 08:47 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-17 08:45 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-17 08:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-08-17 08:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-08-17 08:07 16,176 --------- C:\WINDOWS\system32\drivers\NVXBAR.SYS
2007-08-17 08:07 141,246 --------- C:\WINDOWS\system32\drivers\NVCAP.SYS
2007-08-17 08:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-17 08:05 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-17 08:02 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2007-08-17 08:02 <DIR> d-------- C:\Program Files\XpertVision
2007-08-17 08:00 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-08-17 07:56 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-08-17 07:55 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-17 07:55 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 17:23 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-11 17:23 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-26 14:27 520192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-08-17 07:50 315392 --a------ C:\WINDOWS\HideWin.exe
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-12_225811.18 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 2,027,520 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
----a-w 1,166,672 2007-04-12 17:21:28 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
----a-w 1,330,688 2007-04-12 17:20:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
----a-w 406,016 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 271,360 2007-04-12 17:21:14 C:\WINDOWS\system32\mscoree.dll
----a-w 58,732 2007-09-13 21:15:09 C:\WINDOWS\system32\perfc009.dat
----a-w 392,432 2007-09-13 21:15:09 C:\WINDOWS\system32\perfh009.dat
----a-w 213,048 2005-05-24 01:27:16 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
----a-w 94,208 2007-09-07 01:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-09-07 01:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
----atw 16,384 2007-09-14 13:28:49 C:\WINDOWS\Temp\Perflib_Perfdata_b1c.dat
----a-w 258,048 2007-09-13 21:14:08 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 114,176 2007-09-13 21:14:08 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
----a-w 68,608 2007-09-12 09:36:59 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
----a-w 72,192 2007-09-12 09:37:34 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
----a-w 4,308,992 2007-09-12 09:37:42 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
----a-w 2,878,976 2007-09-12 09:37:14 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
----a-w 482,304 2007-09-12 09:37:45 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
----a-w 258,048 2007-09-12 09:36:43 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
----a-w 114,176 2007-09-12 09:36:43 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
----a-w 260,096 2007-09-12 09:38:06 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
----a-w 5,025,792 2007-09-12 09:37:07 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 10,752 2007-09-12 09:36:58 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
----a-w 503,808 2007-09-12 09:36:39 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
----a-w 13,312 2007-09-12 09:36:48 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
----a-w 8,192 2007-09-12 09:37:18 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 36,864 2007-09-12 09:37:21 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 5,632 2007-09-12 09:37:23 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
----a-w 413,696 2007-09-12 09:36:51 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
----a-w 36,864 2007-09-12 09:36:54 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
----a-w 647,168 2007-09-12 09:36:56 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
----a-w 73,728 2007-09-12 09:36:57 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
----a-w 745,472 2007-09-12 09:36:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 667,648 2007-09-12 09:38:09 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 372,736 2007-09-12 09:38:11 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
----a-w 110,592 2007-09-12 09:38:12 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
----a-w 28,672 2007-09-12 09:36:31 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
----a-w 5,632 2007-09-12 09:38:13 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
----a-w 32,768 2007-09-12 09:36:34 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
----a-w 12,800 2007-09-12 09:36:39 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
----a-w 7,168 2007-09-12 09:36:35 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
----a-w 110,592 2007-09-12 09:37:55 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
----a-w 3,018,752 2007-09-12 09:38:01 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
----a-w 389,120 2007-09-12 09:37:56 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
----a-w 81,920 2007-09-12 09:37:01 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
----a-w 716,800 2007-09-12 09:37:48 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
----a-w 884,736 2007-09-12 09:36:44 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
----a-w 5,050,368 2007-09-12 09:37:15 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 397,312 2007-09-12 09:37:02 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
----a-w 188,416 2007-09-12 09:37:03 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
----a-w 700,416 2007-09-12 09:38:02 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 81,920 2007-09-12 09:37:05 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
----a-w 368,640 2007-09-12 09:37:50 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 258,048 2007-09-12 09:38:04 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 299,008 2007-09-12 09:37:52 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
----a-w 131,072 2007-09-12 09:37:54 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 258,048 2007-09-12 09:36:59 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 114,688 2007-09-12 09:37:06 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
----a-w 835,584 2007-09-12 09:38:08 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 86,016 2007-09-12 09:37:08 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
----a-w 823,296 2007-09-12 09:37:10 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 5,316,608 2007-09-12 09:37:12 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 2,035,712 2007-09-12 09:37:13 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
----a-r 290,182 2007-09-12 10:00:49 C:\WINDOWS\Installer\{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}\_6FEFF9B68218417F98F549.exe
----a-w 55,488 2005-09-22 21:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
----a-w 503,808 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
----a-w 10,752 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
----a-w 8,192 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
----a-w 23,552 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
----a-w 70,656 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
----a-w 26,824 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
----a-w 29,896 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
----a-w 29,888 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
----a-w 88,576 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
----a-w 4,608 2005-09-22 21:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
----a-w 9,728 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
----a-w 224,952 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
----a-w 28,672 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
----a-w 413,696 2005-09-22 21:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
----a-w 647,168 2005-09-22 21:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
----a-w 745,472 2005-09-22 21:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
----a-w 87,552 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
----a-w 800,768 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
----a-w 36,864 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
----a-w 326,144 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
----a-w 4,308,992 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
----a-w 102,400 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
----a-w 226,816 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
----a-w 66,240 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
----a-w 5,615,616 2005-09-22 21:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
----a-w 96,440 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
----a-w 14,848 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
----a-w 136,192 2005-09-22 21:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
----a-w 377,344 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
----a-w 110,592 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
----a-w 389,120 2005-09-22 21:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
----a-w 2,878,976 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
----a-w 482,304 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
----a-w 716,800 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
----a-w 884,736 2005-09-22 21:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
----a-w 5,050,368 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
----a-w 188,416 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
----a-w 3,018,752 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
----a-w 700,416 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
----a-w 258,048 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
----a-w 47,616 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
----a-w 114,176 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
----a-w 368,640 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
----a-w 299,008 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
----a-w 260,096 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
----a-w 5,025,792 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
----a-w 5,316,608 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
----a-w 2,035,712 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
----a-w 1,140,920 2005-09-22 21:29:06 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
----a-w 1,306,624 2005-09-22 21:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
----a-w 298,496 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
----a-w 16,789,464 2007-08-02 11:34:12 C:\WINDOWS\system32\MRT.exe
----a-w 270,848 2005-09-22 21:28:52 C:\WINDOWS\system32\mscoree.dll
----a-w 59,052 2007-09-12 09:40:39 C:\WINDOWS\system32\perfc009.dat
----a-w 393,070 2007-09-12 09:40:39 C:\WINDOWS\system32\perfh009.dat
----a-w 258,048 2007-09-12 09:36:43 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 114,176 2007-09-12 09:36:43 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB93D127-3294-4779-BDB7-2C7A63BA21D0}]
2007-09-10 16:33 244832 --------- C:\WINDOWS\system32\pmkjj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\XpertVision\TBPanel.exe" [2007-04-23 19:20]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 17:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 11:22]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Steam"="" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmkjj
R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 11:20:19 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sachi Eapen.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 23:28:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\jjkmp.bak1
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2007-09-14 23:30:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-14 23:30
C:\ComboFix2.txt ... 2007-09-14 07:48
C:\ComboFix3.txt ... 2007-09-12 22:58
.
--- E O F ---
New HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:03 PM, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\scanner\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CB93D127-3294-4779-BDB7-2C7A63BA21D0} - C:\WINDOWS\system32\pmkjj.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7421 bytes
#19
Posted 14 September 2007 - 08:43 AM
- Hi
- Before anything else, go to My Computer, double-click on the C: drive and delete every log Combofix has created (ComboFix.txt, ComboFix2.txt, etc.)
Uninstall Programs
- Click on Start, then Control Panel. Double click on Add or Remove Programs.
Please remove the following programs:
- Adssite Browser Optimizer
- Rightonadz Browser Optimizer
- Open Notepad, and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\gzmrot-uninst.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrotate.dll
Folder::
C:\VundoFix Backups
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=msv1_0
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A3AD9DB-3B6F-44E0-ABD1-EFD08E959F47}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"=-
- Save this as "CFScript".
- Referring to the picture above, drag CFScript into ComboFix.exe.
- It will create a log. Post it back here, along with a new HijackThis log.


#20
Posted 14 September 2007 - 10:07 AM
ComboFix 07-09-10.6 - "Sachi Eapen" 2007-09-15 1:54:14.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1506 [GMT 10:00]
Command switches used :: C:\Documents and Settings\Sachi Eapen\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\gzmrot-uninst.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrotate.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
C:\VundoFix Backups\cxbnwkis.ini.bad
C:\VundoFix Backups\drvkix.dll.bad
C:\VundoFix Backups\pmkjj.dll.bad
C:\VundoFix Backups\pstbwcgk.dll.bad
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ixtwppcu.dll
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\ucppwtxi.ini
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.
2007-09-13 07:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-13 07:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-12 22:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 20:00 <DIR> d-------- C:\Program Files\Paint.NET
2007-09-12 17:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-12 17:55 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-12 17:55 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-12 17:55 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-12 17:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-12 06:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-12 06:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-11 22:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-11 20:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-11 17:20 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-09-11 16:52 <DIR> d-------- C:\WINDOWS\pss
2007-09-11 16:26 <DIR> d-------- C:\Program Files\Google
2007-09-10 16:34 36,576 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-09-09 22:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\BitTorrent DNA
2007-09-09 21:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\WinRAR
2007-09-07 22:33 <DIR> d-------- C:\Program Files\Xilisoft
2007-09-07 21:25 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Nokia Multimedia Player
2007-09-07 21:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-09-07 21:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Nokia
2007-09-07 21:17 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-07 21:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-07 21:17 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-07 21:17 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-07 21:17 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-07 21:17 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-07 21:17 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-09-07 21:17 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-07 21:17 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-07 21:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-09-07 07:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-06 23:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Phone Browser
2007-09-06 23:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\PC Suite
2007-09-06 23:34 <DIR> d-------- C:\Program Files\Nokia
2007-09-05 22:37 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-09-05 22:37 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-09-05 22:37 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-05 22:37 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-01 11:39 <DIR> d-------- C:\Program Files\ahead
2007-08-31 13:07 <DIR> d-------- C:\Program Files\Armadillo Run Demo
2007-08-30 21:17 66 --a------ C:\WINDOWS\system32\MASHTWTY.SYS
2007-08-30 21:17 <DIR> d-------- C:\Program Files\Blaze Audio
2007-08-27 19:19 <DIR> d-------- C:\DOCUME~1\SACHIE~1\WINDOWS
2007-08-26 14:41 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-08-26 14:16 <DIR> d-------- C:\Program Files\Ventrilo
2007-08-26 14:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 14:16 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Ventrilo
2007-08-25 11:36 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-25 11:36 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-25 11:36 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-25 11:36 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-24 17:30 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Shared
2007-08-24 17:30 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\LimeWire
2007-08-22 16:53 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-08-22 16:53 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-08-20 18:59 <DIR> d-------- C:\Program Files\mIRC
2007-08-20 18:59 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\mIRC
2007-08-20 18:53 <DIR> d-------- C:\Program Files\Steam
2007-08-20 18:46 <DIR> d-------- C:\Program Files\iTunes
2007-08-20 18:46 <DIR> d-------- C:\Program Files\iPod
2007-08-20 18:46 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Apple Computer
2007-08-20 18:45 <DIR> d-------- C:\Program Files\QuickTime
2007-08-20 18:45 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-20 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-20 18:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-20 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-19 20:31 <DIR> d-------- C:\Program Files\EA GAMES
2007-08-17 17:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Contacts
2007-08-17 17:10 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-17 14:02 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
2007-08-17 13:26 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-17 13:18 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-17 13:18 <DIR> d-------- C:\WINDOWS\nview
2007-08-17 13:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-17 08:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-17 08:47 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-17 08:47 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-08-17 08:47 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-17 08:45 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-17 08:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-08-17 08:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-08-17 08:07 16,176 --------- C:\WINDOWS\system32\drivers\NVXBAR.SYS
2007-08-17 08:07 141,246 --------- C:\WINDOWS\system32\drivers\NVCAP.SYS
2007-08-17 08:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-17 08:05 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-17 08:02 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2007-08-17 08:02 <DIR> d-------- C:\Program Files\XpertVision
2007-08-17 08:00 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-08-17 07:56 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-08-17 07:55 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-17 07:55 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-17 07:55 <DIR> d-------- C:\Program Files\Symantec
2007-08-17 07:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-17 07:54 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-17 07:52 49,152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-08-17 07:52 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 17:23 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-11 17:23 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-26 14:27 520192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-08-17 07:50 315392 --a------ C:\WINDOWS\HideWin.exe
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-12_225811.18 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 389,120 2005-09-22 21:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
----a-w 2,878,976 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
----a-w 482,304 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
----a-w 716,800 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
----a-w 884,736 2005-09-22 21:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
----a-w 5,050,368 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
----a-w 188,416 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
----a-w 3,018,752 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
----a-w 700,416 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
----a-w 258,048 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
----a-w 47,616 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
----a-w 114,176 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
----a-w 368,640 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
----a-w 299,008 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
----a-w 260,096 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
----a-w 5,025,792 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
----a-w 5,316,608 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
----a-w 2,035,712 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
----a-w 1,140,920 2005-09-22 21:29:06 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
----a-w 1,306,624 2005-09-22 21:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
----a-w 298,496 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
----a-w 16,789,464 2007-08-02 11:34:12 C:\WINDOWS\system32\MRT.exe
----a-w 270,848 2005-09-22 21:28:52 C:\WINDOWS\system32\mscoree.dll
----a-w 59,052 2007-09-12 09:40:39 C:\WINDOWS\system32\perfc009.dat
----a-w 393,070 2007-09-12 09:40:39 C:\WINDOWS\system32\perfh009.dat
----a-w 258,048 2007-09-12 09:36:43 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 114,176 2007-09-12 09:36:43 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\XpertVision\TBPanel.exe" [2007-04-23 19:20]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 17:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 11:22]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmkjj
R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 11:20:19 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sachi Eapen.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 01:58:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-15 2:00:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-15 01:59
.
--- E O F ---
New HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:40 AM, on 15/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\scanner\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7794 bytes
#21
Posted 14 September 2007 - 11:44 AM
- Hi
We’re almost there!
Fix Entries with HijackThis
- Open HijackThis, perform a scan and put a check next to the following items (if present):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Close all programs except HijackThis and click on Fix checked.
Make a .reg File
- Copy the text below into a Notepad document:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Note: Make sure there is no blank line before Windows Registry Editor Version 5.00 and one blank line at the end.
- Go to File > Save As. Save the file as "Fix.reg" (including the quotes) on your C: drive (it’s important that it is saved there for the fix to work).
Run a .bat File
- Please copy and paste the text in the code box into Notepad.
@echo off
if exist C:\look.txt del /q C:\look.txt
reg export "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" C:\backup.reg
reg import "C:\fix.reg"
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" >> C:\look.txt
start C:\look.txt
- Go to File > Save As. Save the file as "Fix.bat" (including the quotes).
- Double-click on Fix.bat to run the file.
- A notepad file will open. Post its contents here, along with a final HijackThis log. Also tell me how everything is working.


#22
Posted 14 September 2007 - 04:25 PM

Fix.bat log
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0C:\\WINDOWS\\system32\\pmkjj\
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
LsaPid REG_DWORD 0x314
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\
enabledcom REG_SZ y
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache
New HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:07 AM, on 15/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Armadillo Run Demo\Armadillo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\scanner\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7362 bytes
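The check that posts #21 and #22 carry out by eye, written as an added example that is not part of the original thread: it reads the LSA "Authentication Packages" value out of .reg text (such as the C:\backup.reg export made by Fix.bat) and reports every entry other than msv1_0. The sample export is constructed from the values shown in the logs above, and all function names are this example's own.

```python
"""Audit the LSA "Authentication Packages" value in .reg text (added example)."""
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
VALUE_NAME = "Authentication Packages"
BASELINE = {"msv1_0"}  # the single entry the fix in this thread restores


def decode_multi_sz(hex_text, wide):
    """Decode the comma-separated bytes of a hex(7) (REG_MULTI_SZ) value.

    wide=True  -> UTF-16LE, the form used by "Version 5.00" files
    wide=False -> single-byte text, the form used by REGEDIT4 files
    """
    raw = bytes(int(b, 16) for b in hex_text.split(",") if b.strip())
    text = raw.decode("utf-16-le" if wide else "latin-1")
    return [s for s in text.split("\x00") if s]


def encode_multi_sz(strings, wide):
    """Inverse of decode_multi_sz; used only to construct the sample export."""
    text = "\x00".join(strings) + "\x00\x00"
    raw = text.encode("utf-16-le" if wide else "latin-1")
    return ",".join(f"{b:02x}" for b in raw)


def read_value(reg_text, key=LSA_KEY, name=VALUE_NAME):
    """Return the decoded multi-string for key/name, or None if absent."""
    lines = reg_text.lstrip("\ufeff").splitlines()
    if not lines:
        raise ValueError("empty .reg text")
    header = lines[0].strip()
    if header == "Windows Registry Editor Version 5.00":
        wide = True
    elif header == "REGEDIT4":
        wide = False
    else:
        raise ValueError(f"unknown .reg header: {header!r}")
    # Long hex values are wrapped; a trailing backslash continues the line.
    body = re.sub(r"\\\n\s*", "", "\n".join(lines[1:]))
    current = None
    for line in body.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current is not None and current.lower() == key.lower():
            m = re.match(r'"([^"]+)"=hex\(7\):(.*)$', line)
            if m and m.group(1).lower() == name.lower():
                return decode_multi_sz(m.group(2), wide)
    return None


def audit(reg_text):
    """List the packages found and those outside the baseline."""
    packages = read_value(reg_text)
    if packages is None:
        return {"packages": None, "unexpected": []}
    unexpected = [p for p in packages if p.lower() not in BASELINE]
    return {"packages": packages, "unexpected": unexpected}


def build_sample(packages):
    """Constructed "Version 5.00" export holding the given package list."""
    hex_body = encode_multi_sz(packages, wide=True)
    # Wrap every 25 bytes the way an exported file wraps long values.
    chunks = [hex_body[i:i + 75] for i in range(0, len(hex_body), 75)]
    wrapped = "\\\n  ".join(chunks)
    return (
        "Windows Registry Editor Version 5.00\n\n"
        f"[{LSA_KEY}]\n"
        f'"{VALUE_NAME}"=hex(7):{wrapped}\n'
    )


# Constructed sample: the value as the ComboFix log above reports it.
INFECTED = build_sample(["msv1_0", r"C:\WINDOWS\system32\pmkjj"])
# Constructed sample: the value after a successful repair.
CLEAN = build_sample(["msv1_0"])

# The byte string from the thread, read as single-byte text.
THREAD_BYTES = "6d,73,76,31,5f,30,00,00"

if __name__ == "__main__":
    print("infected:", audit(INFECTED))
    print("clean:   ", audit(CLEAN))
    print("thread bytes, single-byte:", decode_multi_sz(THREAD_BYTES, False))
    # The same bytes read as UTF-16LE do not spell msv1_0, so the file
    # header decides what a hex(7) line actually writes.
    print("thread bytes, UTF-16LE:  ", decode_multi_sz(THREAD_BYTES, True))
```

Run against an export taken before and after a repair, the `unexpected` list should go from one entry to empty; anything left in it is a package that LSASS will load at the next boot.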
#23
Posted 14 September 2007 - 04:39 PM
- Hi
Combofix
- Open Notepad, and copy/paste the text in the quotebox below into it:
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
- Save this as "CFScript".
- Referring to the picture above, drag CFScript into ComboFix.exe.
- It will create a log; post it here.


#24
Posted 14 September 2007 - 08:28 PM

Combofix
ComboFix 07-09-10.6 - "Sachi Eapen" 2007-09-15 12:22:42.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1613 [GMT 10:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.
2007-09-15 08:21 8,810 --a------ C:\backup.reg
2007-09-15 08:19 149 --a------ C:\fix.reg
2007-09-13 07:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-13 07:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-12 22:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 20:00 <DIR> d-------- C:\Program Files\Paint.NET
2007-09-12 17:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-12 17:55 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-12 17:55 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-12 17:55 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-12 17:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-12 06:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-12 06:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-11 22:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-11 20:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-11 17:20 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-09-11 16:52 <DIR> d-------- C:\WINDOWS\pss
2007-09-11 16:26 <DIR> d-------- C:\Program Files\Google
2007-09-10 16:34 36,576 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-09-09 22:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\BitTorrent DNA
2007-09-09 21:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\WinRAR
2007-09-07 22:33 <DIR> d-------- C:\Program Files\Xilisoft
2007-09-07 21:25 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Nokia Multimedia Player
2007-09-07 21:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-09-07 21:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Nokia
2007-09-07 21:17 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-07 21:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-07 21:17 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-07 21:17 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-07 21:17 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-07 21:17 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-07 21:17 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-09-07 21:17 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-07 21:17 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-07 21:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-09-07 07:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-06 23:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Phone Browser
2007-09-06 23:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\PC Suite
2007-09-06 23:34 <DIR> d-------- C:\Program Files\Nokia
2007-09-05 22:37 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-09-05 22:37 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-09-05 22:37 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-05 22:37 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-01 11:39 <DIR> d-------- C:\Program Files\ahead
2007-08-31 13:07 <DIR> d-------- C:\Program Files\Armadillo Run Demo
2007-08-30 21:17 66 --a------ C:\WINDOWS\system32\MASHTWTY.SYS
2007-08-30 21:17 <DIR> d-------- C:\Program Files\Blaze Audio
2007-08-27 19:19 <DIR> d-------- C:\DOCUME~1\SACHIE~1\WINDOWS
2007-08-26 14:41 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-08-26 14:16 <DIR> d-------- C:\Program Files\Ventrilo
2007-08-26 14:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 14:16 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Ventrilo
2007-08-25 11:36 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-25 11:36 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-25 11:36 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-25 11:36 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-24 17:30 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Shared
2007-08-24 17:30 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\LimeWire
2007-08-22 16:53 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-08-22 16:53 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-08-20 18:59 <DIR> d-------- C:\Program Files\mIRC
2007-08-20 18:59 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\mIRC
2007-08-20 18:53 <DIR> d-------- C:\Program Files\Steam
2007-08-20 18:46 <DIR> d-------- C:\Program Files\iTunes
2007-08-20 18:46 <DIR> d-------- C:\Program Files\iPod
2007-08-20 18:46 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Apple Computer
2007-08-20 18:45 <DIR> d-------- C:\Program Files\QuickTime
2007-08-20 18:45 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-20 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-20 18:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-20 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-19 20:31 <DIR> d-------- C:\Program Files\EA GAMES
2007-08-17 17:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Contacts
2007-08-17 17:10 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-17 14:02 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
2007-08-17 13:26 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-17 13:18 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-17 13:18 <DIR> d-------- C:\WINDOWS\nview
2007-08-17 13:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-17 08:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-17 08:47 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-17 08:47 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-08-17 08:47 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-17 08:45 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-17 08:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-08-17 08:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-08-17 08:07 16,176 --------- C:\WINDOWS\system32\drivers\NVXBAR.SYS
2007-08-17 08:07 141,246 --------- C:\WINDOWS\system32\drivers\NVCAP.SYS
2007-08-17 08:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-17 08:05 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-17 08:02 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2007-08-17 08:02 <DIR> d-------- C:\Program Files\XpertVision
2007-08-17 08:00 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-08-17 07:56 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-08-17 07:55 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-17 07:55 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-17 07:55 <DIR> d-------- C:\Program Files\Symantec
2007-08-17 07:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-17 07:54 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 17:23 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-11 17:23 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-26 14:27 520192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-08-17 07:50 315392 --a------ C:\WINDOWS\HideWin.exe
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-12_225811.18 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 68,608 2007-09-13 21:14:17 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
----a-w 72,192 2007-09-13 21:14:35 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
----a-w 4,308,992 2007-09-13 21:14:36 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
----a-w 2,902,016 2007-09-13 21:14:29 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
----a-w 482,304 2007-09-13 21:14:37 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
----a-w 258,048 2007-09-13 21:14:08 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
----a-w 114,176 2007-09-13 21:14:08 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
----a-w 260,096 2007-09-13 21:14:47 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
----a-w 5,156,864 2007-09-13 21:14:23 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 10,752 2007-09-13 21:14:15 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
----a-w 507,904 2007-09-13 21:14:07 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
----a-w 13,312 2007-09-13 21:14:10 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
----a-w 8,192 2007-09-13 21:14:32 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 36,864 2007-09-13 21:14:33 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 5,632 2007-09-13 21:14:34 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
----a-w 413,696 2007-09-13 21:14:11 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
----a-w 36,864 2007-09-13 21:14:12 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
----a-w 647,168 2007-09-13 21:14:13 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
----a-w 73,728 2007-09-13 21:14:14 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
----a-w 749,568 2007-09-13 21:14:11 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 667,648 2007-09-13 21:14:49 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 372,736 2007-09-13 21:14:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
----a-w 110,592 2007-09-13 21:14:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
----a-w 28,672 2007-09-13 21:14:05 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
----a-w 5,632 2007-09-13 21:14:52 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
----a-w 32,768 2007-09-13 21:14:05 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
----a-w 12,800 2007-09-13 21:14:06 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
----a-w 7,168 2007-09-13 21:14:06 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
----a-w 110,592 2007-09-13 21:14:41 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
----a-w 2,940,928 2007-09-13 21:14:45 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
----a-w 413,696 2007-09-13 21:14:43 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
----a-w 81,920 2007-09-13 21:14:18 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
----a-w 716,800 2007-09-13 21:14:38 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
----a-w 888,832 2007-09-13 21:14:09 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
----a-w 5,001,216 2007-09-13 21:14:30 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 397,312 2007-09-13 21:14:18 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
----a-w 188,416 2007-09-13 21:14:19 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
----a-w 577,536 2007-09-13 21:14:45 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 81,920 2007-09-13 21:14:21 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
----a-w 372,736 2007-09-13 21:14:39 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 258,048 2007-09-13 21:14:46 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 299,008 2007-09-13 21:14:40 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
----a-w 131,072 2007-09-13 21:14:40 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 258,048 2007-09-13 21:14:16 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 114,688 2007-09-13 21:14:22 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
----a-w 835,584 2007-09-13 21:14:48 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 86,016 2007-09-13 21:14:24 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
----a-w 823,296 2007-09-13 21:14:25 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 5,152,768 2007-09-13 21:14:26 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 2,027,520 2007-09-13 21:14:28 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
----a-w 26,624 2007-09-13 22:03:27 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\e3f8e70963e1579fe3288d2cc7e44e85\Accessibility.ni.dll
----a-w 888,832 2007-09-13 22:03:32 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\7cd12c95f2cb66e38e13b322b653ef3b\AspNetMMCExt.ni.dll
----a-w 237,568 2007-09-13 22:04:41 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5a17ce720b31646449abb92c3d4290f6\CustomMarshalers.ni.dll
----a-w 102,400 2007-09-13 22:04:01 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DdsFileType\4c95d38a4fd4921c7674157033fbaad2\DdsFileType.ni.dll
----a-w 15,360 2007-09-13 22:04:40 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\129bdd384ed597ad342643e416773eec\dfsvc.ni.exe
----a-w 499,712 2007-09-13 22:04:03 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\2d392d8c1b27748b59169a1eab4c6a26\ICSharpCode.SharpZipLib.ni.dll
----a-w 114,688 2007-09-13 22:03:53 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.WIA\62d0f532535e38c29565e1484b6d2a55\Interop.WIA.ni.dll
----a-w 880,640 2007-09-13 22:04:43 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\33a2b028e680426f3766aa0b9b8c54f5\Microsoft.Build.Engine.ni.dll
----a-w 81,920 2007-09-13 22:04:43 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\469ab9225153177bd9bace6256c1334b\Microsoft.Build.Framework.ni.dll
----a-w 1,687,552 2007-09-13 22:04:46 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6570d71032ab19773702e306b6860666\Microsoft.Build.Tasks.ni.dll
----a-w 163,840 2007-09-13 22:04:48 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#2189214d62873336c34cca282ac870d\Microsoft.Build.Utilities.ni.dll
----a-w 1,720,320 2007-09-13 22:04:51 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2bb3222f607b2a5f80f191129ebb9a49\Microsoft.VisualBasic.ni.dll
----a-w 11,304,960 2007-09-13 21:06:40 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\94126ac85ed603c9cf102c946c574248\mscorlib.ni.dll
----a-w 2,035,712 2007-09-13 22:04:26 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet\4190e2c1112bee8b20b3495e864c9a30\PaintDotNet.ni.exe
----a-w 98,304 2007-09-13 22:03:47 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\efcd9417128571948c81e760c58abbad\PaintDotNet.Base.ni.dll
----a-w 1,454,080 2007-09-13 22:03:57 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\cfc997ea22f38d4b750c640aa4ce8d1a\PaintDotNet.Core.ni.dll
----a-w 659,456 2007-09-13 22:03:59 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\e6e355df775930d16534835dec8cdd3d\PaintDotNet.Data.ni.dll
----a-w 606,208 2007-09-13 22:04:19 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\5ecb6c564d216acdf5bb8886e16d2c32\PaintDotNet.Effects.ni.dll
----a-w 544,768 2007-09-13 22:03:54 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\8bb9f71e0a88f5bd475e2855ef3d7296\PaintDotNet.Resources.ni.dll
----a-w 22,016 2007-09-13 22:03:51 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\31be5d49117c2c7f945fc22baeb56b4e\PaintDotNet.StylusReader.ni.dll
----a-w 540,672 2007-09-13 22:03:50 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\758f097758c4a5f0c2cc52ec7b6f7424\PaintDotNet.SystemLayer.ni.dll
----a-w 8,130,560 2007-09-13 21:07:15 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\d7398c0a831a8f34930ac63c8fb2d5cb\System.ni.dll
----a-w 1,003,520 2007-09-13 22:03:35 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e40ef383c1c55f6457867b0e7ebdb4a\System.Configuration.ni.dll
----a-w 6,676,480 2007-09-13 21:07:38 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\e6c2afe0979e5b17aa21ede171ac92c3\System.Data.ni.dll
----a-w 2,695,168 2007-09-13 22:03:40 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\3a0364960beafb4617420c614f485c51\System.Data.SqlXml.ni.dll
----a-w 1,724,416 2007-09-13 22:03:45 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\d28084db81f965b09e10a0b8dab429eb\System.Deployment.ni.dll
----a-w 10,702,848 2007-09-13 21:12:13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\28e0c28804f0a9fd240ecacee3bc80ec\System.Design.ni.dll
----a-w 512,000 2007-09-13 22:04:55 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7e33a191a69118f84fe4b34b46f1dd9c\System.DirectoryServices.Protocols.ni.dll
----a-w 1,216,512 2007-09-13 22:04:54 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c8c7ef754ccdc266b70f822c64bdf80e\System.DirectoryServices.ni.dll
----a-w 1,601,536 2007-09-13 21:12:17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\e1e7f81a7649db69e386036bbfbe7536\System.Drawing.ni.dll
----a-w 229,376 2007-09-13 21:12:19 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\8551095999dcad4b93d09cc3fbb5b08b\System.Drawing.Design.ni.dll
----a-w 659,456 2007-09-13 22:04:57 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b7708c7ea08ffa51ae6ac0e33a2ee776\System.EnterpriseServices.ni.dll
----a-w 294,912 2007-09-13 22:04:57 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b7708c7ea08ffa51ae6ac0e33a2ee776\System.EnterpriseServices.Wrapper.dll
----a-w 339,968 2007-09-13 22:03:43 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e4eea122974f579880cc241a56c13547\System.Runtime.Serialization.Formatters.Soap.ni.dll
----a-w 729,088 2007-09-13 22:03:42 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\a3c6e10df8b8ef0880db5d0f43b1690a\System.Security.ni.dll
----a-w 684,032 2007-09-13 22:04:59 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\dff93599f54f9d99b7896c901f4518e3\System.Transactions.ni.dll
----a-w 12,185,600 2007-09-13 22:05:12 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\701ca24c2ee9cc87adfb6103b92476bb\System.Web.ni.dll
----a-w 2,306,048 2007-09-13 22:05:17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92ebbdde57f91e5a7c9ce65f18641cff\System.Web.Mobile.ni.dll
----a-w 237,568 2007-09-13 22:05:18 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\fa7e1b4bdb3da5e7e5afcbbb9ae8bac3\System.Web.RegularExpressions.ni.dll
----a-w 1,941,504 2007-09-13 22:05:21 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1df93ef1356fa594d0b27e60c7143a04\System.Web.Services.ni.dll
----a-w 13,107,200 2007-09-13 21:12:40 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\de3f835565e852f631d2d35e18aeb8d5\System.Windows.Forms.ni.dll
----a-w 5,623,808 2007-09-13 21:16:20 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a0716d4926ca6948100c0c89e7178f64\System.Xml.ni.dll
----a-w 1,297,910 2007-09-13 21:13:07 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1DB.tmp\System.Xml.dll
----a-w 29,696 2007-09-13 22:04:36 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WiaProxy32\e8ebb82f35f85c7da79b1cc9254511aa\WiaProxy32.ni.exe
----a-r 290,182 2007-09-13 03:01:42 C:\WINDOWS\Installer\{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}\_6FEFF9B68218417F98F549.exe
----a-w 58,712 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
----a-w 507,904 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
----a-w 10,752 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
----a-w 8,192 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
----a-w 23,552 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
----a-w 75,264 2007-04-12 17:20:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
----a-w 32,608 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
----a-w 33,632 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
----a-w 32,600 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
----a-w 88,576 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
----a-w 5,120 2007-04-12 17:20:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
----a-w 9,728 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
----a-w 228,688 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
----a-w 28,672 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
----a-w 413,696 2007-04-12 17:21:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
----a-w 647,168 2007-04-12 17:21:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
----a-w 749,568 2007-04-12 17:21:08 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
----a-w 87,040 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
----a-w 802,304 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
----a-w 36,864 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
----a-w 326,656 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
----a-w 4,308,992 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
----a-w 102,912 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
----a-w 227,328 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
----a-w 68,952 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
----a-w 5,634,048 2007-04-12 17:21:12 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
----a-w 99,152 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
----a-w 15,360 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
----a-w 136,192 2007-04-12 17:21:12 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
----a-w 382,464 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
----a-w 110,592 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
----a-w 413,696 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
----a-w 2,902,016 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
----a-w 482,304 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
----a-w 716,800 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
----a-w 888,832 2007-04-12 17:20:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
----a-w 5,001,216 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
----a-w 188,416 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
----a-w 2,940,928 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
----a-w 577,536 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
----a-w 258,048 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
----a-w 47,616 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
----a-w 114,176 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
----a-w 372,736 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
----a-w 299,008 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
----a-w 260,096 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
----a-w 5,156,864 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
----a-w 5,152,768 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
----a-w 2,027,520 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
----a-w 1,166,672 2007-04-12 17:21:28 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
----a-w 1,330,688 2007-04-12 17:20:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
----a-w 406,016 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 271,360 2007-04-12 17:21:14 C:\WINDOWS\system32\mscoree.dll
----a-w 58,732 2007-09-13 21:15:09 C:\WINDOWS\system32\perfc009.dat
----a-w 392,432 2007-09-13 21:15:09 C:\WINDOWS\system32\perfh009.dat
----a-w 213,048 2005-05-24 01:27:16 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
----a-w 94,208 2007-09-07 01:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-09-07 01:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
----a-w 258,048 2007-09-13 21:14:08 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 114,176 2007-09-13 21:14:08 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
----a-w 68,608 2007-09-12 09:36:59 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
----a-w 72,192 2007-09-12 09:37:34 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
----a-w 4,308,992 2007-09-12 09:37:42 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
----a-w 2,878,976 2007-09-12 09:37:14 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
----a-w 482,304 2007-09-12 09:37:45 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
----a-w 258,048 2007-09-12 09:36:43 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
----a-w 114,176 2007-09-12 09:36:43 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
----a-w 260,096 2007-09-12 09:38:06 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
----a-w 5,025,792 2007-09-12 09:37:07 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 10,752 2007-09-12 09:36:58 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
----a-w 503,808 2007-09-12 09:36:39 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
----a-w 13,312 2007-09-12 09:36:48 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
----a-w 8,192 2007-09-12 09:37:18 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 36,864 2007-09-12 09:37:21 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 5,632 2007-09-12 09:37:23 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
----a-w 413,696 2007-09-12 09:36:51 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
----a-w 36,864 2007-09-12 09:36:54 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
----a-w 647,168 2007-09-12 09:36:56 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
----a-w 73,728 2007-09-12 09:36:57 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
----a-w 745,472 2007-09-12 09:36:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 667,648 2007-09-12 09:38:09 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 372,736 2007-09-12 09:38:11 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
----a-w 110,592 2007-09-12 09:38:12 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
----a-w 28,672 2007-09-12 09:36:31 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
----a-w 5,632 2007-09-12 09:38:13 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
----a-w 32,768 2007-09-12 09:36:34 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
----a-w 12,800 2007-09-12 09:36:39 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
----a-w 7,168 2007-09-12 09:36:35 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
----a-w 110,592 2007-09-12 09:37:55 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
----a-w 3,018,752 2007-09-12 09:38:01 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
----a-w 389,120 2007-09-12 09:37:56 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
----a-w 81,920 2007-09-12 09:37:01 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
----a-w 716,800 2007-09-12 09:37:48 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
----a-w 884,736 2007-09-12 09:36:44 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
----a-w 5,050,368 2007-09-12 09:37:15 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 397,312 2007-09-12 09:37:02 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
----a-w 188,416 2007-09-12 09:37:03 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
----a-w 700,416 2007-09-12 09:38:02 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 81,920 2007-09-12 09:37:05 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
----a-w 368,640 2007-09-12 09:37:50 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 258,048 2007-09-12 09:38:04 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 299,008 2007-09-12 09:37:52 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
----a-w 131,072 2007-09-12 09:37:54 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 258,048 2007-09-12 09:36:59 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 114,688 2007-09-12 09:37:06 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
----a-w 835,584 2007-09-12 09:38:08 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 86,016 2007-09-12 09:37:08 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
----a-w 823,296 2007-09-12 09:37:10 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 5,316,608 2007-09-12 09:37:12 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 2,035,712 2007-09-12 09:37:13 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
----a-r 290,182 2007-09-12 10:00:49 C:\WINDOWS\Installer\{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}\_6FEFF9B68218417F98F549.exe
----a-w 55,488 2005-09-22 21:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
----a-w 503,808 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
----a-w 10,752 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
----a-w 8,192 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
----a-w 23,552 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
----a-w 70,656 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
----a-w 26,824 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
----a-w 29,896 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
----a-w 29,888 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
----a-w 88,576 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
----a-w 4,608 2005-09-22 21:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
----a-w 9,728 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
----a-w 224,952 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
----a-w 28,672 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
----a-w 413,696 2005-09-22 21:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
----a-w 647,168 2005-09-22 21:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
----a-w 745,472 2005-09-22 21:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
----a-w 87,552 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
----a-w 800,768 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
----a-w 36,864 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
----a-w 326,144 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
----a-w 4,308,992 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
----a-w 102,400 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
----a-w 226,816 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
----a-w 66,240 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
----a-w 5,615,616 2005-09-22 21:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
----a-w 96,440 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
----a-w 14,848 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
----a-w 136,192 2005-09-22 21:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
----a-w 377,344 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
----a-w 110,592 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
----a-w 389,120 2005-09-22 21:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
----a-w 2,878,976 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
----a-w 482,304 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
----a-w 716,800 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
----a-w 884,736 2005-09-22 21:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
----a-w 5,050,368 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
----a-w 188,416 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
----a-w 3,018,752 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
----a-w 700,416 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
----a-w 258,048 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
----a-w 47,616 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
----a-w 114,176 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
----a-w 368,640 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
----a-w 299,008 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
----a-w 260,096 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
----a-w 5,025,792 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
----a-w 5,316,608 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
----a-w 2,035,712 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
----a-w 1,140,920 2005-09-22 21:29:06 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
----a-w 1,306,624 2005-09-22 21:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
----a-w 298,496 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
----a-w 16,789,464 2007-08-02 11:34:12 C:\WINDOWS\system32\MRT.exe
----a-w 270,848 2005-09-22 21:28:52 C:\WINDOWS\system32\mscoree.dll
----a-w 59,052 2007-09-12 09:40:39 C:\WINDOWS\system32\perfc009.dat
----a-w 393,070 2007-09-12 09:40:39 C:\WINDOWS\system32\perfh009.dat
----a-w 258,048 2007-09-12 09:36:43 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 114,176 2007-09-12 09:36:43 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\XpertVision\TBPanel.exe" [2007-04-23 19:20]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 17:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 11:22]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
*Newly Created Service* - COMHOST
*Newly Created Service* - PNKBSTRB
*Newly Created Service* - PNKBSTRK
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 11:20:19 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sachi Eapen.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 12:23:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-15 12:23:57
C:\ComboFix-quarantined-files.txt ... 2007-09-15 12:23
C:\ComboFix2.txt ... 2007-09-15 02:00
.
--- E O F ---
#25
Posted 15 September 2007 - 05:16 AM
- Hi
It seems we finally got there!
Prevention
- Congratulations, your log looks clean. Please advise of any problems you are still experiencing, or follow these simple steps to keep your computer clean in the future:
- Delete Tools - You can now delete the following files/folders:
- Combofix.exe, C:\qoobox, C:\Combofix.txt
- Vundofix.exe, C:\Vundofix.txt
- Smitfraudfix.exe, C:\rapport.txt
- SDFix.exe, C:\SDFix
- Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
- Turn off System Restore.
- On the desktop, right-click My Computer
- Click Properties
- Click the System Restore tab
- Check Turn off System Restore
- Click Apply, and then click OK
- Reboot.
- Turn on System Restore.
- On the desktop, right-click My Computer
- Click Properties
- Click the System Restore tab
- Uncheck Turn off System Restore
- Click Apply, and then click OK
- Make your Internet Explorer more secure
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab.
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt.
- Change the Download unsigned ActiveX controls to Disable.
- Change the Initialise and script ActiveX controls not marked as safe to Disable.
- Change the Installation of desktop items to Prompt.
- Change the Launching programs and files in an IFRAME to Prompt.
- Change the Navigate sub-frames across different domains to Prompt.
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
- Update your Anti-Virus Software - It is very important that you update your Anti-Virus software at least once a week (even more if you wish). If you do not update your Anti-Virus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - A firewall is very important for the security of your computer. The Windows Firewall which comes with Service Pack 2 does not monitor outgoing connections, so any malware can 'phone home' without you knowing it. For an article on firewalls and a listing of some available ones see the link below:
Computer Safety On line - Software Firewalls
- Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with anti-virus software. A tutorial on installing & using this product can be found here:
Instructions for - Spybot S & D and Ad-aware
- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
Computer Safety on line - Anti-Malware
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
- Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You have to be registered to post; after registering, just find your country room and register your complaint.
The infection you had was Virtumundo (Vundo)


#26
Posted 15 September 2007 - 07:40 PM

#27
Posted 16 September 2007 - 03:54 AM


