Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Member
    Join Date
    Nov 2007
    Location
    Springfield, MO
    Posts
    25
    Points
    0

    Default System Infected with Spyware.

    Here is a copy of the SuperAntiSpyware Log.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/19/2008 at 11:06 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3384
    Trace Rules Database Version: 1378

    Scan type : Complete Scan
    Total Scan Time : 01:04:17

    Memory items scanned : 518
    Memory threats detected : 1
    Registry items scanned : 7118
    Registry threats detected : 23
    File items scanned : 39808
    File threats detected : 53

    Adware.IECodec
    C:\WINDOWS\MPCODECPLG.DLL
    C:\WINDOWS\MPCODECPLG.DLL
    HKLM\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}#AppID
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\Control
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\InprocServer32
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\InprocServer32#ThreadingModel
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\MiscStatus
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\MiscStatus\1
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\ProgID
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\ToolboxBitmap32
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\TypeLib
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\Version
    HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\VersionIndependentProgID
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}

    Adware.Tracking Cookie
    C:\Documents and Settings\Doug\Cookies\doug@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Doug\Cookies\doug@yourbestfinder[1].txt
    C:\Documents and Settings\Doug\Cookies\doug@shop.yourprivacyguard[2].txt
    C:\Documents and Settings\Doug\Cookies\doug@scanner.adwareremover2007[3].txt
    C:\Documents and Settings\Doug\Cookies\doug@yourprivacyguard[3].txt
    C:\Documents and Settings\Angie\Cookies\angie@2o7[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@a.findarticles[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@ad.yieldmanager[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@adopt.specificclick[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@adrevolver[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@ads.pointroll[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@ads.revsci[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@advertising[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@atdmt[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@buycom.122.2o7[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@casalemedia[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@doubleclick[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@e-2dj6wfliapdjcep.stats.esomniture[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@e-2dj6wjkokjdjago.stats.esomniture[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@e-2dj6wjkounazilo.stats.esomniture[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@e-2dj6wjlosjdjago.stats.esomniture[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@e-2dj6wjnyqidjaao.stats.esomniture[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@ehg-warnerbrothers.hitbox[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@fastclick[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@findarticles[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@hitbox[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@media.adrevolver[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@paypal.112.2o7[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@perf.overture[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@questionmarket[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@realmedia[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@revsci[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@s.clickability[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@scanner.adwareremover2007[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@shop.yourprivacyguard[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@specificclick[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@statcounter[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@tacoda[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@traffic.buyservices[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@tribalfusion[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@www.burstnet[2].txt
    C:\Documents and Settings\Angie\Cookies\angie@www.googleadservices[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@yourbestfinder[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@yourprivacyguard[1].txt
    C:\Documents and Settings\Angie\Cookies\angie@zedo[2].txt
    C:\Documents and Settings\Doug\Cookies\doug@a.findarticles[1].txt
    C:\Documents and Settings\Doug\Cookies\doug@gamefinder.disney.go[1].txt
    C:\Documents and Settings\Doug\Cookies\doug@scanner.adwareremover2007[2].txt
    C:\Documents and Settings\Doug\Cookies\doug@shop.yourprivacyguard[1].txt
    C:\Documents and Settings\Doug\Cookies\doug@www.findarticles[1].txt
    C:\Documents and Settings\Doug\Cookies\doug@yourprivacyguard[1].txt

    Trojan.Net-MSV/VPS
    HKCR\MSVPS.MSVPSApp
    HKCR\MSVPS.MSVPSApp\CLSID
    HKCR\MSVPS.MSVPSApp\CurVer

    Trojan.Net-MU/Gen
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

    Rogue.ErrorFighter
    HKCR\egodktf.ToolBar.1
    HKCR\egodktf.ToolBar.1\CLSID

    Trojan.Unclassified/FKN
    C:\WINDOWS\FKNXWQF.EXE




    I will follow with ComboFix Log and Hijackthis log.

  2. #2
    Member
    Join Date
    Nov 2007
    Location
    Springfield, MO
    Posts
    25
    Points
    0

    Default ComboFix Log

    ComboFix 08-01-09.2 - Doug 2008-01-19 12:53:39.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2381 [GMT -6:00]
    Running from: C:\Documents and Settings\Doug\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\dat.txt

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
    .

    2008-01-19 09:41 . 2008-01-19 09:41 d-------- C:\WebUpdater
    2008-01-19 09:41 . 2008-01-19 09:41 d-------- C:\MapSource
    2008-01-19 09:41 . 2008-01-19 09:41 d-------- C:\Garmin
    2008-01-18 22:27 . 2008-01-18 10:20 294,912 --a------ C:\WINDOWS\dopfwrlgwx.dll
    2008-01-18 22:27 . 2008-01-18 10:20 294,912 --a------ C:\WINDOWS\aslpmqk.dll
    2008-01-18 22:27 . 2008-01-18 10:20 176,128 --a------ C:\WINDOWS\egodktf.dll
    2007-12-24 13:37 . 2007-12-24 13:37 d-------- C:\Converted Video Files
    2007-12-24 12:02 . 2007-12-24 12:52 d-------- C:\Program Files\myMovo
    2007-12-24 11:01 . 2007-12-24 11:01 d-------- C:\Program Files\AVI Codec Pack
    2007-12-23 09:04 . 2007-12-23 09:04 d-------- C:\Documents and Settings\Doug\Application Data\Twins Software
    2007-12-23 09:03 . 2007-12-23 09:03 d-------- C:\Program Files\Twins Software
    2007-12-23 09:03 . 2007-02-05 17:07 2,912,256 --a------ C:\WINDOWS\system32\MediaInfo.dll
    2007-12-23 09:03 . 2000-02-29 21:02 57,344 --a------ C:\WINDOWS\system32\CMDRedirect.dll
    2007-12-22 11:38 . 2007-12-27 20:49 d-------- C:\Program Files\Mp3TagToolsv12
    2007-12-22 02:21 . 2008-01-06 10:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-12-21 23:06 . 2007-12-22 11:32 58 --a------ C:\WINDOWS\mymp3s.ini
    2007-12-20 21:34 . 2007-12-20 21:35 d-------- C:\Program Files\Zune
    2007-12-20 21:34 . 2007-12-20 21:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
    2007-12-19 14:05 . 2007-12-19 14:05 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 18:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-01-13 15:48 --------- d-----w C:\Program Files\SlySoft
    2007-12-24 16:24 --------- d-----w C:\Documents and Settings\Doug\Application Data\U3
    2007-12-24 02:18 --------- d-----w C:\Documents and Settings\Doug\Application Data\BitTorrent
    2007-12-23 05:53 --------- d-----w C:\Program Files\BitTorrent
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-25 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-25 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-25 22:50 --------- d-----w C:\Documents and Settings\Doug\Application Data\SUPERAntiSpyware.com
    2007-11-25 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-25 22:30 3,082 ----a-w C:\WINDOWS\system32\tmp.reg
    2007-11-25 22:22 --------- d-----w C:\Program Files\Trend Micro
    2007-11-25 21:34 --------- d-----w C:\Program Files\Enigma Software Group
    2007-11-25 15:26 --------- d-----w C:\Program Files\Cosmi
    2007-11-25 15:25 --------- d-----w C:\Program Files\MUSICMATCH
    2007-11-22 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
    2007-11-20 03:57 --------- d-----w C:\Program Files\Google
    2007-11-16 03:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
    2007-11-16 03:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
    2007-11-16 03:51 59,296 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
    2007-11-16 03:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll
    2007-11-16 03:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
    2007-11-16 03:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-06-30 00:09 92,064 ----a-w C:\Documents and Settings\Doug\mqdmmdm.sys
    2007-06-30 00:09 9,232 ----a-w C:\Documents and Settings\Doug\mqdmmdfl.sys
    2007-06-30 00:09 79,328 ----a-w C:\Documents and Settings\Doug\mqdmserd.sys
    2007-06-30 00:09 66,656 ----a-w C:\Documents and Settings\Doug\mqdmbus.sys
    2007-06-30 00:09 6,208 ----a-w C:\Documents and Settings\Doug\mqdmcmnt.sys
    2007-06-30 00:09 5,936 ----a-w C:\Documents and Settings\Doug\mqdmwhnt.sys
    2007-06-30 00:09 4,048 ----a-w C:\Documents and Settings\Doug\mqdmcr.sys
    2007-06-30 00:09 25,600 ----a-w C:\Documents and Settings\Doug\usbsermptxp.sys
    2007-06-30 00:09 22,768 ----a-w C:\Documents and Settings\Doug\usbsermpt.sys
    2007-01-20 05:27 0 ----a-w C:\Documents and Settings\Doug\^0^DRL^0^.exe
    2006-10-07 00:06 88 --sh--r C:\WINDOWS\system32\C5BBE038DF.sys
    2006-10-07 00:06 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-30_ 7.04.18.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
    + 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
    + 2007-10-10 23:47:27 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
    + 2007-10-10 23:47:27 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
    + 2007-10-10 23:47:27 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
    + 2007-10-10 23:47:27 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
    + 2007-10-10 08:16:47 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
    + 2007-10-10 23:47:27 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
    + 2007-10-10 23:47:27 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
    + 2007-10-10 05:47:20 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:28:12 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
    + 2007-10-10 23:47:27 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
    + 2007-10-10 23:47:27 388,096 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
    + 2007-10-10 23:47:27 6,067,200 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
    + 2007-10-10 23:47:27 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
    + 2007-10-10 23:47:27 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
    + 2007-10-10 08:16:47 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
    + 2007-10-10 08:16:56 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
    + 2007-10-10 23:47:28 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
    + 2007-10-10 23:47:28 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
    + 2007-10-10 23:47:28 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
    + 2007-10-30 23:48:49 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
    + 2007-10-10 23:47:28 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
    + 2007-10-10 23:47:28 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
    + 2007-10-10 23:47:28 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
    + 2007-10-10 23:47:28 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
    + 2007-10-10 23:47:28 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
    + 2007-10-10 23:47:29 1,162,240 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
    + 2007-10-10 23:47:29 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
    + 2007-10-10 23:47:29 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll
    + 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
    + 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
    + 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
    + 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
    + 2007-10-27 22:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
    + 2007-10-27 22:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
    + 2006-10-19 03:47:18 222,208 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
    + 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
    + 2004-08-04 10:00:00 27,440 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
    + 2007-12-23 06:02:20 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2007-12-23 06:02:30 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2007-12-23 06:02:30 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2007-12-23 06:02:32 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2007-12-23 06:02:27 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2007-12-23 06:02:14 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2007-12-23 06:02:14 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2007-12-23 06:02:37 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2007-12-23 06:02:23 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2007-12-23 06:02:19 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2007-12-23 06:02:13 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2007-12-23 06:02:16 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2007-12-23 06:02:29 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2007-12-23 06:02:29 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2007-12-23 06:02:30 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2007-12-23 06:02:17 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2007-12-23 06:02:17 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2007-12-23 06:02:18 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2007-12-23 06:02:19 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2007-12-23 06:02:16 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2007-12-23 06:02:39 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2007-12-23 06:02:39 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2007-12-23 06:02:11 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2007-12-23 06:02:38 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2007-12-23 06:02:40 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2007-12-23 06:02:13 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2007-12-23 06:02:12 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2007-12-23 06:02:13 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2007-12-23 06:02:35 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2007-12-23 06:02:21 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2007-12-23 06:02:35 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2007-12-23 06:02:33 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2007-12-23 06:02:15 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2007-12-23 06:02:28 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2007-12-23 06:02:22 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2007-12-23 06:02:21 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2007-12-23 06:02:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2007-12-23 06:02:36 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2007-12-23 06:02:33 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2007-12-23 06:02:37 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2007-12-23 06:02:34 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2007-12-23 06:02:34 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2007-12-23 06:02:20 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2007-12-23 06:02:22 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2007-12-23 06:02:38 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2007-12-23 06:02:24 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2007-12-23 06:02:25 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2007-12-23 06:02:25 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2007-12-23 06:02:26 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2007-12-23 06:02:36 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2007-12-23 13:48:22 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\a9cbdd63507da5bf972ce99a0d3cf83e\Accessibility.ni.dll
    + 2007-12-23 13:48:24 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\72c5e12621a48ca07d73c8a02378bff2\AspNetMMCExt.ni.dll
    + 2007-12-23 13:48:24 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\7090bcee88103335b28c84a4eb3dabb6\CustomMarshalers.ni.dll
    + 2007-12-23 13:48:24 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\3b6feafcebe87b5424716fdd1b74fef6\dfsvc.ni.exe
    + 2007-12-23 13:48:26 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\afa35200f555b662ebccd1b87a59f8e8\Microsoft.Build.Engine.ni.dll
    + 2007-12-23 13:48:26 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9d07e927a713659c30dd1cf0d5fdd37a\Microsoft.Build.Framework.ni.dll
    + 2007-12-23 13:48:29 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1d47fdf0df4689c49d7c8deaa9704685\Microsoft.Build.Tasks.ni.dll
    + 2007-12-23 13:48:30 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7bd18c7721b488380b5ac901ff100f3c\Microsoft.Build.Utilities.ni.dll
    + 2007-12-23 13:48:32 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ab3a8acf60f6e410b553b9d26c1912a0\Microsoft.VisualBasic.ni.dll
    + 2007-12-23 13:49:30 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\95e1edc8df0e9c83108f05477e7058a2\Microsoft.VisualC.ni.dll
    + 2007-12-23 06:03:32 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e44b2b9eaeac698233fbf295729c9a8e\mscorlib.ni.dll
    + 2007-12-23 13:49:37 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\95f5015beb1d617d4ec00e692339c32b\System.Configuration.Install.ni.dll
    + 2007-12-23 13:48:34 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\faf60edbfa148791dd8f50d7f6338847\System.Configuration.ni.dll
    + 2007-12-23 13:49:35 1,179,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\cdcb5b25930ddd2d2ce1c056e5e9c732\System.Data.OracleClient.ni.dll
    + 2007-12-23 13:49:29 2,695,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\dfa4fc40ede77566a7a63a74e7413530\System.Data.SqlXml.ni.dll
    + 2007-12-23 13:39:50 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0ecb0cd2738d09a50d9ecd597b638f15\System.Data.ni.dll
    + 2007-12-23 13:48:36 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\a7f35417892c160889c57ed490550f16\System.Deployment.ni.dll
    + 2007-12-23 13:40:18 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\d6734ab03d54d7e6abe98e81e45a3d13\System.Design.ni.dll
    + 2007-12-23 13:48:39 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\00baeeb4693e760c8ac2fe2aa0145f72\System.DirectoryServices.ni.dll
    + 2007-12-23 13:48:40 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d3ef031376f4aab5e05f4d55753f1591\System.DirectoryServices.Protocols.ni.dll
    + 2007-12-23 13:40:23 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\0b8f201864a4d17e457ef146f9655a1a\System.Drawing.Design.ni.dll
    + 2007-12-23 13:40:21 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\947e85a0d127663f00640818b859cad7\System.Drawing.ni.dll
    + 2007-12-23 13:48:42 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\839824f38b152a7265490c6cd231923d\System.EnterpriseServices.ni.dll
    + 2007-12-23 13:48:41 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\839824f38b152a7265490c6cd231923d\System.EnterpriseServices.Wrapper.dll
    + 2007-12-23 13:49:32 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b682c9d01968d78a9c66894af96b155a\System.Runtime.Remoting.ni.dll
    + 2007-12-23 13:49:33 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c9407ffe011763b83711924861bd4e18\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2007-12-23 13:48:43 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\fec5678ed4d9fd689e75fd4f785fd1b7\System.Security.ni.dll
    + 2007-12-23 13:49:36 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0360578dc18bb969e17bf9c77354b237\System.ServiceProcess.ni.dll
    + 2007-12-23 13:48:44 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\5cfb0b03fa2f363369f0098e53d6f1a6\System.Transactions.ni.dll
    + 2007-12-23 13:49:10 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f77d468508114ff8b79da5a9eb014d47\System.Web.Mobile.ni.dll
    + 2007-12-23 13:49:11 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\2b68c943b142af188b14f46bcd0ffc94\System.Web.RegularExpressions.ni.dll
    + 2007-12-23 13:49:14 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d1055496176480f6b07f027f2783826\System.Web.Services.ni.dll
    + 2007-12-23 13:49:06 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\fd8ced7c6c4ce9063a509bbd4204da96\System.Web.ni.dll
    + 2007-12-23 13:40:49 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\585221fb87d335d2ad0562d30c45587a\System.Windows.Forms.ni.dll
    + 2007-12-23 13:41:00 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d829fd1c28f99016cffbd27a7d19d0e5\System.Xml.ni.dll
    + 2007-12-23 13:39:36 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\00e79a3ef0cf44c48a9bfa8b8eb01f16\System.ni.dll
    + 2007-12-23 13:49:23 5,799,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIX\720db4fb3ef30a697b12df9b54912f96\UIX.ni.dll
    + 2007-12-23 13:49:38 1,179,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZuneDBApi\c78fd2dbc1fcbb2e1b8fc19c1a647222\ZuneDBApi.ni.dll
    + 2007-12-23 13:49:44 1,769,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZuneShell\2e2372944d87fe9b0ac412406ae61785\ZuneShell.ni.dll
    + 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    + 2008-01-19 18:53:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-19 18:53:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-19 18:53:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-19 18:53:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-19 18:53:27 4,653,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-19 18:53:27 270,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
    + 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
    + 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
    + 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
    + 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
    + 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
    + 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
    + 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
    + 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
    + 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
    + 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
    + 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
    + 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
    + 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
    + 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
    + 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
    + 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
    + 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
    + 2007-08-20 10:04:41 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
    + 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
    + 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
    + 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
    + 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
    + 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
    + 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
    + 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
    + 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    - 2003-02-21 00:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2005-09-23 13:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    - 2003-02-21 00:09:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 13:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 13:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2005-09-23 13:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2005-09-23 13:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
    - 2003-02-20 23:43:50 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 13:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1232\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1232\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1232\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1232\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1232\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1232\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1232\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1232\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1232\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1232\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1532\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1532\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1532\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1532\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1532\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1532\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1532\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1532\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1532\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1532\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1836\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1836\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1836\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1836\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1836\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1836\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1836\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1836\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1836\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1836\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2000\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2000\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2000\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2000\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2000\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2000\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2000\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2000\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2000\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2000\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2008\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2008\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2008\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2008\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2008\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2008\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2008\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2008\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2008\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2008\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2024\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2024\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2024\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2024\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2024\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2024\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2024\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2024\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2024\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2024\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2112\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2112\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2112\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2112\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2112\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2112\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2112\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2112\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2112\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2112\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW228\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW228\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW228\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW228\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW228\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW228\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW228\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW228\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW228\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW228\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2704\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2704\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2704\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2704\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2704\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2704\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2704\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2704\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2704\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2704\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3080\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3080\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3080\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3080\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3080\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3080\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3080\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3080\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3080\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3080\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3100\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3100\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3100\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3100\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3100\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3100\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3100\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3100\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3100\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3100\_PerfCounter.dll
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3576\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3576\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3576\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3576\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3576\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3576\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3576\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3576\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3576\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3576\_PerfCounter.dll
    + 2005-09-23 13:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
    + 2005-09-23 13:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
    + 2005-09-23 13:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
    + 2005-09-23 13:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
    + 2005-09-23 13:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
    + 2005-09-23 13:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
    + 2005-09-23 13:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
    + 2005-09-23 13:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
    + 2007-04-13 09:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2005-09-23 13:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
    + 2007-04-13 09:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    + 2007-04-13 09:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2007-04-13 09:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2007-04-13 09:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    + 2005-09-23 13:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
    + 2007-04-13 09:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    + 2005-09-23 13:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
    + 2007-04-13 09:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    + 2007-04-13 09:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2007-04-13 09:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    + 2005-09-23 13:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
    + 2007-04-13 09:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    + 2005-09-23 13:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
    + 2005-09-23 13:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
    + 2005-09-23 13:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
    + 2005-09-23 13:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
    + 2005-09-23 13:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
    + 2005-09-23 13:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    + 2005-09-23 13:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
    + 2007-04-13 09:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2005-09-23 13:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
    + 2005-09-23 13:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
    + 2005-09-23 13:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2007-04-13 09:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    + 2005-09-23 13:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    + 2005-09-23 13:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    + 2005-09-23 13:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    + 2007-04-13 09:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    + 2007-04-13 09:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    + 2005-09-23 13:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    + 2005-09-23 13:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    + 2005-09-23 13:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
    + 2005-09-23 13:01:16 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    + 2005-09-23 12:29:48 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
    + 2005-09-23 12:32:24 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
    + 2005-09-23 12:34:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
    + 2005-09-23 12:34:12 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
    + 2005-09-23 12:34:44 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
    + 2005-09-23 12:36:24 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
    + 2005-09-23 09:46:14 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
    + 2005-09-23 12:38:26 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
    + 2005-09-23 12:38:52 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
    + 2005-09-23 12:40:30 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
    + 2005-09-23 12:40:32 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
    + 2005-09-23 12:40:56 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
    + 2005-09-23 12:42:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
    + 2005-09-23 12:44:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
    + 2005-09-23 12:46:38 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
    + 2005-09-23 12:46:38 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
    + 2005-09-23 12:46:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
    + 2005-09-23 12:47:04 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
    + 2005-09-23 12:47:30 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
    + 2005-09-23 12:47:32 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
    + 2005-09-23 12:47:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
    + 2005-09-23 12:30:18 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
    + 2005-09-23 12:47:06 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
    + 2005-09-23 12:29:50 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
    + 2005-09-23 12:36:48 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
    + 2005-09-23 13:57:06 245,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
    + 2007-04-13 09:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    + 2005-09-23 13:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    + 2007-04-13 09:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    + 2005-09-23 13:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    + 2007-04-13 09:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    + 2005-09-23 13:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2005-09-23 13:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
    + 2005-09-23 13:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
    + 2005-09-23 13:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    + 2005-09-23 13:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    + 2005-09-23 13:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    + 2005-09-23 13:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2005-09-23 13:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    + 2007-04-13 09:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2005-09-23 13:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
    + 2007-04-13 09:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2005-09-23 13:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    + 2005-09-23 13:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
    + 2007-04-13 09:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    + 2007-04-13 09:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2005-09-23 13:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    + 2007-04-13 09:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2007-04-13 09:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    + 2005-09-23 13:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    + 2005-09-23 13:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    + 2005-09-23 13:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    + 2007-04-13 09:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    + 2007-04-13 09:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    + 2005-09-23 13:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    + 2007-04-13 09:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2005-09-23 13:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    + 2007-04-13 09:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2007-04-13 09:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2005-09-23 13:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    + 2007-04-13 09:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2005-09-23 13:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    + 2005-09-23 13:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    + 2005-09-23 13:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    + 2005-09-23 13:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2005-09-23 13:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    + 2005-09-23 13:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    + 2007-04-13 09:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2007-04-13 09:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2007-04-13 09:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    + 2005-09-23 13:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    + 2007-04-13 09:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2007-04-13 09:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2007-04-13 09:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2007-04-13 09:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2007-04-13 09:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2005-09-23 13:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2007-04-13 09:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2007-04-13 09:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2005-09-23 13:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2007-04-13 09:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2007-04-13 09:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2007-04-13 09:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2007-04-13 09:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2007-04-13 09:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2005-09-23 13:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2007-04-13 09:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2005-09-23 13:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2005-09-23 13:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2005-09-23 13:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2007-04-13 09:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2007-04-13 09:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2005-09-23 13:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2005-09-23 13:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    + 2005-09-23 13:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2007-04-13 09:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2007-04-13 09:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2005-09-23 13:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2007-04-13 09:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2007-04-13 09:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2007-04-13 09:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2005-09-23 13:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    - 2007-06-17 06:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
    + 2000-08-31 14:00:00 51,200 ----a-w C:\WINDOWS\NirCmd.exe
    - 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2005-09-23 13:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
    - 2007-08-20 10:04:34 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2007-10-10 23:55:51 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-08-20 10:04:34 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    + 2007-10-10 23:55:51 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    - 2007-08-17 10:20:54 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2007-10-10 10:59:40 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2007-08-20 10:04:34 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2007-10-10 23:55:51 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2007-08-20 10:04:35 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2007-10-10 23:55:51 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2007-08-17 07:34:25 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    - 2007-08-20 10:04:35 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    + 2007-10-10 23:55:52 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    - 2007-08-20 10:04:35 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2007-10-10 23:55:52 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2007-08-20 10:04:37 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    + 2007-10-10 23:55:54 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    - 2007-08-20 10:04:38 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2007-10-10 23:55:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    - 2007-08-20 10:04:38 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    + 2007-10-10 23:55:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    - 2007-08-17 10:20:54 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    + 2007-10-10 10:59:40 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    - 2007-08-17 10:21:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2007-10-10 10:59:52 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    - 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-10-10 23:55:56 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2007-08-20 10:04:39 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    + 2007-10-10 23:55:56 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    - 2007-08-20 10:04:39 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    + 2007-10-10 23:55:56 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    - 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-10-10 23:55:59 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-08-20 10:04:42 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    + 2007-10-10 23:55:59 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    - 2007-08-20 10:04:42 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    + 2007-10-10 23:55:59 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    - 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-08

  3. #3
    Member
    Join Date
    Nov 2007
    Location
    Springfield, MO
    Posts
    25
    Points
    0

    Default HijackThis v2.02 Logfile

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:23 PM, on 1/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061004
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SXG Advisor - {5415A533-17B1-4A38-B3CA-70AEEF8C41AC} - C:\WINDOWS\dopfwrlgwx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: The egodktf - {45E9CE94-2C67-4230-92D0-E64ACD6EBA7F} - C:\WINDOWS\egodktf.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161304230609
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: aslpmqk - {B3A512CD-E947-4809-9AF0-82DC4193DBF2} - C:\WINDOWS\aslpmqk.dll
    O21 - SSODL: bxsnvqt - {A8094497-53B7-4EC3-87BE-400C31564A19} - C:\WINDOWS\bxsnvqt.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9153 bytes

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Delete your Combofix.exe file & download the newest version from here :-

    Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

    Link 1
    Link 2
    Link 3


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Nov 2007
    Location
    Springfield, MO
    Posts
    25
    Points
    0

    Default ComboFix Log

    ComboFix 08-01-20.1 - Doug 2008-01-19 22:52:56.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2133 [GMT -6:00]
    Running from: C:\Documents and Settings\Doug\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\dopfwrlgwx.dll
    C:\WINDOWS\egodktf.dll
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

    ----- Unknown downloads made by BITS: ----
    http://77.91.228.180
    http://onsafepro.com
    http://thenetworkcom.com
    http://77.91.228.182
    http://softworldnetwork.com

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
    .

    2008-01-19 09:41 . 2008-01-19 09:41 d-------- C:\WebUpdater
    2008-01-19 09:41 . 2008-01-19 09:41 d-------- C:\MapSource
    2008-01-19 09:41 . 2008-01-19 09:41 d-------- C:\Garmin
    2008-01-18 22:27 . 2008-01-18 10:20 294,912 --a------ C:\WINDOWS\aslpmqk.dll
    2007-12-24 13:37 . 2007-12-24 13:37 d-------- C:\Converted Video Files
    2007-12-24 12:02 . 2007-12-24 12:52 d-------- C:\Program Files\myMovo
    2007-12-24 11:01 . 2007-12-24 11:01 d-------- C:\Program Files\AVI Codec Pack
    2007-12-23 09:04 . 2007-12-23 09:04 d-------- C:\Documents and Settings\Doug\Application Data\Twins Software
    2007-12-23 09:03 . 2007-12-23 09:03 d-------- C:\Program Files\Twins Software
    2007-12-23 09:03 . 2007-02-05 17:07 2,912,256 --a------ C:\WINDOWS\system32\MediaInfo.dll
    2007-12-23 09:03 . 2000-02-29 21:02 57,344 --a------ C:\WINDOWS\system32\CMDRedirect.dll
    2007-12-22 11:38 . 2007-12-27 20:49 d-------- C:\Program Files\Mp3TagToolsv12
    2007-12-22 02:21 . 2008-01-06 10:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-12-21 23:06 . 2007-12-22 11:32 58 --a------ C:\WINDOWS\mymp3s.ini
    2007-12-20 21:34 . 2007-12-20 21:35 d-------- C:\Program Files\Zune
    2007-12-20 21:34 . 2007-12-20 21:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 20:44 --------- d-----w C:\Documents and Settings\Doug\Application Data\BitTorrent
    2008-01-19 18:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-01-13 15:48 --------- d-----w C:\Program Files\SlySoft
    2007-12-24 16:24 --------- d-----w C:\Documents and Settings\Doug\Application Data\U3
    2007-12-23 05:53 --------- d-----w C:\Program Files\BitTorrent
    2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-25 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-25 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-25 22:50 --------- d-----w C:\Documents and Settings\Doug\Application Data\SUPERAntiSpyware.com
    2007-11-25 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-25 22:22 --------- d-----w C:\Program Files\Trend Micro
    2007-11-25 21:34 --------- d-----w C:\Program Files\Enigma Software Group
    2007-11-25 15:26 --------- d-----w C:\Program Files\Cosmi
    2007-11-22 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
    2007-11-20 03:57 --------- d-----w C:\Program Files\Google
    2007-06-30 00:09 92,064 ----a-w C:\Documents and Settings\Doug\mqdmmdm.sys
    2007-06-30 00:09 9,232 ----a-w C:\Documents and Settings\Doug\mqdmmdfl.sys
    2007-06-30 00:09 79,328 ----a-w C:\Documents and Settings\Doug\mqdmserd.sys
    2007-06-30 00:09 66,656 ----a-w C:\Documents and Settings\Doug\mqdmbus.sys
    2007-06-30 00:09 6,208 ----a-w C:\Documents and Settings\Doug\mqdmcmnt.sys
    2007-06-30 00:09 5,936 ----a-w C:\Documents and Settings\Doug\mqdmwhnt.sys
    2007-06-30 00:09 4,048 ----a-w C:\Documents and Settings\Doug\mqdmcr.sys
    2007-06-30 00:09 25,600 ----a-w C:\Documents and Settings\Doug\usbsermptxp.sys
    2007-06-30 00:09 22,768 ----a-w C:\Documents and Settings\Doug\usbsermpt.sys
    2007-01-20 05:27 0 ----a-w C:\Documents and Settings\Doug\^0^DRL^0^.exe
    2006-10-07 00:06 88 --sh--r C:\WINDOWS\system32\C5BBE038DF.sys
    2006-10-07 00:06 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-01-19_12.55.30.76 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-19 18:53:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-20 04:52:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-19 18:53:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-20 04:52:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-19 18:53:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-20 04:52:41 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-19 18:53:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-20 04:52:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-19 18:53:27 4,653,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-20 04:52:41 4,661,248 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-19 18:53:27 270,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-20 04:52:41 270,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-20 04:56:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_590.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49 94208]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50 114688]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 17:17 282624 C:\WINDOWS\stsystra.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-04 07:31 98304]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52 483328]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
    "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 21:51 166304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-10-06 21:54:07 25214]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 16:41:38 323646]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 17:11:12 28672]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "aslpmqk"= {B3A512CD-E947-4809-9AF0-82DC4193DBF2} - C:\WINDOWS\aslpmqk.dll [2008-01-18 10:20 294912]
    "bxsnvqt"= {A8094497-53B7-4EC3-87BE-400C31564A19} - C:\WINDOWS\bxsnvqt.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    --a------ 2006-11-07 14:49 1121280 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-09-27 19:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
    R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
    S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86276538-b487-11db-928b-001372e44736}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-07-23 16:49:12 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1176041582.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 22:57:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-19 22:59:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-20 04:59:11
    ComboFix2.txt 2008-01-19 18:55:46
    ComboFix3.txt 2007-12-01 00:28:42
    ComboFix4.txt 2007-11-30 13:04:44
    .
    2008-01-15 04:23:39 --- E O F ---

  6. #6
    Member
    Join Date
    Nov 2007
    Location
    Springfield, MO
    Posts
    25
    Points
    0

    Default HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:02:26 PM, on 1/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061004
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161304230609
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: aslpmqk - {B3A512CD-E947-4809-9AF0-82DC4193DBF2} - C:\WINDOWS\aslpmqk.dll
    O21 - SSODL: bxsnvqt - {A8094497-53B7-4EC3-87BE-400C31564A19} - C:\WINDOWS\bxsnvqt.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8850 bytes

  7. #7
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Do you know what this is ?

    2007-12-21 23:06 . 2007-12-22 11:32 58 --a------ C:\WINDOWS\mymp3s.ini

    These files which Combofix failed to delete contain the job files information for the Background_Intelligent_Transfer_Service to download files when bandwidth is not being used (in the background) there are certain programs which use this method (windows updates is one) but it appears some unknown program has been using it to download spam (adware)

    First I want you to find & delete these files :-

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    If they wont, try to delete the Downloader folder ... Don't try to delete anything else ... Then reboot

    The files, & the downloader folder (if you deleted it) will be recreated when you reboot.

    Then...

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the code box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:
    File::
    C:\WINDOWS\aslpmqk.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 
    "aslpmqk"=-
    "bxsnvqt"=-
    Save this as "CFScript.txt"

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  8. #8
    Member
    Join Date
    Nov 2007
    Location
    Springfield, MO
    Posts
    25
    Points
    0

    Default

    I don't know what this file is: mymp3s.ini

    The only thing I can think of is that it might be associated with my Microsoft Zune software. I tried to delete the files you recommended but could not. I will follow with the ComboFix log and Hijackthis log.

  9. #9
    Member
    Join Date
    Nov 2007
    Location
    Springfield, MO
    Posts
    25
    Points
    0

    Default ComboFix Log

    ComboFix 08-01-20.1 - Doug 2008-01-20 22:03:31.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2599 [GMT -6:00]
    Running from: C:\Documents and Settings\Doug\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Doug\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\aslpmqk.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\WINDOWS\aslpmqk.dll

    ----- Unknown downloads made by BITS: ----
    http://softworldnetwork.com
    http://onsafepro.com
    .
    ((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
    .

    2008-01-19 09:41 . 2008-01-19 09:41 d-------- C:\WebUpdater
    2008-01-19 09:41 . 2008-01-19 09:41 d-------- C:\MapSource
    2008-01-19 09:41 . 2008-01-19 09:41 d-------- C:\Garmin
    2007-12-24 13:37 . 2007-12-24 13:37 d-------- C:\Converted Video Files
    2007-12-24 12:02 . 2007-12-24 12:52 d-------- C:\Program Files\myMovo
    2007-12-24 11:01 . 2007-12-24 11:01 d-------- C:\Program Files\AVI Codec Pack
    2007-12-23 09:04 . 2007-12-23 09:04 d-------- C:\Documents and Settings\Doug\Application Data\Twins Software
    2007-12-23 09:03 . 2007-12-23 09:03 d-------- C:\Program Files\Twins Software
    2007-12-23 09:03 . 2007-02-05 17:07 2,912,256 --a------ C:\WINDOWS\system32\MediaInfo.dll
    2007-12-23 09:03 . 2000-02-29 21:02 57,344 --a------ C:\WINDOWS\system32\CMDRedirect.dll
    2007-12-22 11:38 . 2007-12-27 20:49 d-------- C:\Program Files\Mp3TagToolsv12
    2007-12-22 02:21 . 2008-01-06 10:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-12-21 23:06 . 2007-12-22 11:32 58 --a------ C:\WINDOWS\mymp3s.ini

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 20:44 --------- d-----w C:\Documents and Settings\Doug\Application Data\BitTorrent
    2008-01-19 18:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-01-13 15:48 --------- d-----w C:\Program Files\SlySoft
    2007-12-24 16:24 --------- d-----w C:\Documents and Settings\Doug\Application Data\U3
    2007-12-23 05:53 --------- d-----w C:\Program Files\BitTorrent
    2007-12-21 03:35 --------- d-----w C:\Program Files\Zune
    2007-12-21 03:34 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
    2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-25 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-25 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-25 22:50 --------- d-----w C:\Documents and Settings\Doug\Application Data\SUPERAntiSpyware.com
    2007-11-25 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-25 22:22 --------- d-----w C:\Program Files\Trend Micro
    2007-11-25 21:34 --------- d-----w C:\Program Files\Enigma Software Group
    2007-11-25 15:26 --------- d-----w C:\Program Files\Cosmi
    2007-11-22 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
    2007-06-30 00:09 92,064 ----a-w C:\Documents and Settings\Doug\mqdmmdm.sys
    2007-06-30 00:09 9,232 ----a-w C:\Documents and Settings\Doug\mqdmmdfl.sys
    2007-06-30 00:09 79,328 ----a-w C:\Documents and Settings\Doug\mqdmserd.sys
    2007-06-30 00:09 66,656 ----a-w C:\Documents and Settings\Doug\mqdmbus.sys
    2007-06-30 00:09 6,208 ----a-w C:\Documents and Settings\Doug\mqdmcmnt.sys
    2007-06-30 00:09 5,936 ----a-w C:\Documents and Settings\Doug\mqdmwhnt.sys
    2007-06-30 00:09 4,048 ----a-w C:\Documents and Settings\Doug\mqdmcr.sys
    2007-06-30 00:09 25,600 ----a-w C:\Documents and Settings\Doug\usbsermptxp.sys
    2007-06-30 00:09 22,768 ----a-w C:\Documents and Settings\Doug\usbsermpt.sys
    2007-01-20 05:27 0 ----a-w C:\Documents and Settings\Doug\^0^DRL^0^.exe
    2006-10-07 00:06 88 --sh--r C:\WINDOWS\system32\C5BBE038DF.sys
    2006-10-07 00:06 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-01-19_12.55.30.76 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-19 18:53:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-21 04:03:17 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-19 18:53:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-21 04:03:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-19 18:53:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-21 04:03:17 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-19 18:53:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-21 04:03:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-19 18:53:27 4,653,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-21 04:03:17 3,334,144 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
    - 2008-01-19 18:53:27 270,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-21 04:03:17 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-21 04:03:17 4,681,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\NTUSER.DAT
    + 2008-01-21 04:03:17 270,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\UsrClass.dat
    + 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_aspnet_isapi.dll
    + 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_CORPerfMonExt.dll
    + 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_fusion.dll
    + 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorjit.dll
    + 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorlib.dll
    + 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorsn.dll
    + 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorsvr.dll
    + 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorwks.dll
    + 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_msvcr71.dll
    + 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_PerfCounter.dll
    + 2008-01-21 04:19:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5bc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49 94208]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50 114688]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 17:17 282624 C:\WINDOWS\stsystra.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-04 07:31 98304]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52 483328]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
    "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 21:51 166304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-10-06 21:54:07 25214]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 16:41:38 323646]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 17:11:12 28672]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    --a------ 2006-11-07 14:49 1121280 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-09-27 19:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
    R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
    S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86276538-b487-11db-928b-001372e44736}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-07-23 16:49:12 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1176041582.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 22:19:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-20 22:21:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-21 04:21:28
    ComboFix2.txt 2008-01-20 04:59:14
    ComboFix3.txt 2008-01-19 18:55:46
    ComboFix4.txt 2007-12-01 00:28:42
    ComboFix5.txt 2007-11-30 13:04:44
    .
    2008-01-20 20:55:24 --- E O F ---

  10. #10
    Member
    Join Date
    Nov 2007
    Location
    Springfield, MO
    Posts
    25
    Points
    0

    Default HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:25:45 PM, on 1/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061004
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161304230609
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8586 bytes

Page 1 of 2 12 LastLast