Solved Random pop-ups

Discussion in 'Malware and Virus Removal Archive' started by Helenster, 2007/10/14.

  1. 2007/10/14
    Helenster

    Helenster Inactive Thread Starter

    Joined:
    2007/07/14
    Messages:
    30
    Likes Received:
    0
    [Resolved] Random pop-ups

    Hello again! :) I'm posting for a friend because he's been having problems with his computer. He says that he keeps getting random pop-ups even when he's not using I.E. I think it may have been from clicking one of those AIM trojans, but I'm not sure. There were programs like command.exe running, but Spybot S&D suppressed it. He tried scanning with AVG Anti-Virus, but it didn't detect anything.

    Here's the HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:59:19 PM, on 10/14/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    O2 - BHO: (no name) - {02829ABF-5613-4422-8D98-DE71436A1536} - C:\Program Files\Internet Explorer\hokesotu4444.dll
    O2 - BHO: 0 - {2C01D705-362E-4A9D-39A1-D1C075AB102A} - C:\Program Files\WindowsUpdate\lavu.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6896FC52-567D-4398-9C33-A67D2607939D} - C:\Program Files\Internet Explorer\hokesotu83122.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Flash Module - {7A70C9D8-99E3-4049-ABC6-219EC2DAFC04} - btaskv.dll (file missing)
    O2 - BHO: (no name) - {8b676977-bad9-4352-bf85-f7d7bbd419cf} - C:\WINDOWS\System32\nxvvggq.dll
    O2 - BHO: IKatzu Class - {EA5159DF-E413-4878-8AE2-D921D41BB942} - C:\WINDOWS\System32\bkini.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - Winlogon Notify: khfeefg - khfeefg.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\profsy.html

    --
    End of file - 7066 bytes
     
    Last edited: 2007/10/14
  2. 2007/10/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Helenster :)

    First thing you should do with that computer is install Service Pack 1 from Microsoft. Without it, that machine could easily become re-infected more quickly than we can clean it. Do NOT install any other updates at this time.

    Download SP1a

    Then, we'll start with VundoFix.
    Download VundoFix by Atribune, saving it to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.
    Note: It is possible that VundoFix encounters a file it could not remove. In this case, VundoFix will run on reboot. If that happens, follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
     

  4. 2007/10/14
    Helenster

    Alright, my friend is having trouble installing Service Pack 1. He bought his computer, which included Windows, from a store, but it says "The product key used to install windows is invalid."

    He used VundoFix, but after he rebooted his computer, there were endless amounts of pop-ups.

    Here's the VundoFix log:
    VundoFix V6.5.10

    Checking Java version...

    Scan started at 8:20:06 PM 10/14/2007

    Listing files found while scanning....

    C:\WINDOWS\System32\khfeefg.dll

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    Here's the HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:32:12 PM, on 10/14/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    O2 - BHO: (no name) - {02829ABF-5613-4422-8D98-DE71436A1536} - C:\Program Files\Internet Explorer\hokesotu4444.dll
    O2 - BHO: 0 - {2C01D705-362E-4A9D-39A1-D1C075AB102A} - C:\Program Files\WindowsUpdate\lavu.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6896FC52-567D-4398-9C33-A67D2607939D} - C:\Program Files\Internet Explorer\hokesotu83122.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Flash Module - {7A70C9D8-99E3-4049-ABC6-219EC2DAFC04} - btaskv.dll (file missing)
    O2 - BHO: (no name) - {8b676977-bad9-4352-bf85-f7d7bbd419cf} - C:\WINDOWS\System32\nxvvggq.dll
    O2 - BHO: IKatzu Class - {EA5159DF-E413-4878-8AE2-D921D41BB942} - C:\WINDOWS\System32\bkini.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192416121077
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - Winlogon Notify: khfeefg - khfeefg.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\profsy.html

    --
    End of file - 7370 bytes
     
  5. 2007/10/14
    noahdfear

    Download ComboFix by sUBs from here or here, saving the file to your Desktop.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  6. 2007/10/15
    Helenster

    Here's the ComboFix log:
    ComboFix 07-10-12.4 - Huynh 2007-10-15 19:11:22.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.204 [GMT -7:00]
    Running from: C:\Documents and Settings\Huynh\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\Documents and Settings\Huynh\~tmp1174.exe
    C:\Program Files\Internet Explorer\hokesotu4444.dll
    C:\Program Files\Internet Explorer\hokesotu83122.dll
    C:\Program Files\ISM
    C:\Program Files\ISM\dictionary.gz
    C:\Program Files\ISM\dictionary.gz
    C:\Program Files\ISM\targets.gz
    C:\Program Files\ISM\targets.gz
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\WinAble
    C:\Program Files\WindowsUpdate\profsy.html
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\Downloaded Program Files.\xpreload.ocx
    C:\WINDOWS\system32\nxvvggq.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_NETWORK_MONITOR


    ((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
    .

    2007-10-15 19:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-14 20:20 d-------- C:\VundoFix Backups
    2007-10-14 13:54 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-14 04:36 d-------- C:\New Folder
    2007-10-14 03:57 d-------- C:\hijackthis
    2007-10-14 03:26 d-------- C:\WINDOWS\pss
    2007-10-14 01:41 1 --a------ C:\WINDOWS\system32\rc.dat
    2007-10-14 01:41 1 --a------ C:\WINDOWS\system32\ps1.dat
    2007-10-14 01:41 1 --a------ C:\WINDOWS\system32\cs.dat
    2007-10-14 01:41 1 --a------ C:\WINDOWS\system32\cookie1.dat
    2007-10-14 01:41 1 --a------ C:\WINDOWS\system32\boa1.dat
    2007-10-14 01:40 d-------- C:\WINDOWS\system32\oTt11e
    2007-10-14 01:40 d-------- C:\Temp\fCOe
    2007-10-14 01:40 111,702 --a------ C:\Documents and Settings\Huynh\1967950163.exe
    2007-10-14 01:40 111,702 --a------ C:\Documents and Settings\Huynh\1704646139.exe
    2007-10-14 01:40 111,698 --a------ C:\Documents and Settings\Huynh\f17046461391704646139.exe
    2007-10-14 01:40 53,760 --a------ C:\WINDOWS\system32\btaskv.dll
    2007-10-14 01:40 5,958 --a------ C:\WINDOWS\system32\conf.dat
    2007-10-14 01:10 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-10-14 01:10 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-13 23:47 d-------- C:\WINDOWS\Sun
    2007-10-13 20:00 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-13 20:00 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-13 20:00 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-13 19:59 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-13 17:16 d---s---- C:\WINDOWS\system32\Microsoft
    2007-10-13 17:14 d-------- C:\Program Files\Grisoft(3)
    2007-10-13 17:14 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft(3)
    2007-10-13 17:03 6,465 --ahs---- C:\WINDOWS\system32\kmllm.bak2
    2007-10-13 16:54 6,465 --ahs---- C:\WINDOWS\system32\kmllm.bak1
    2007-10-13 16:52 d-------- C:\Program Files\Temporary
    2007-10-13 16:49 d--hs---- C:\WINDOWS\SHV5bmg
    2007-10-13 16:49 421,888 --a------ C:\WINDOWS\system32\bkini.dll
    2007-10-13 16:49 118,784 --a------ C:\WINDOWS\system32\artchker.exe
    2007-10-13 16:49 45,056 --a------ C:\WINDOWS\system32\katzppd.exe
    2007-10-13 16:49 45,056 --a------ C:\WINDOWS\system32\katzpa.exe
    2007-10-13 16:49 44,922 --a------ C:\WINDOWS\system32\IKatzuUninstall.exe
    2007-10-13 16:49 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-10-13 16:48 d-------- C:\WINDOWS\system32\vMW02a
    2007-10-13 16:48 d-------- C:\WINDOWS\system32\que1
    2007-10-13 16:48 d-------- C:\WINDOWS\system32\kat1
    2007-10-13 16:48 d-------- C:\WINDOWS\system32\ipd2
    2007-10-13 16:48 d-------- C:\WINDOWS\system32\hap1
    2007-10-13 16:48 d-------- C:\WINDOWS\system32\comms2
    2007-10-13 16:48 d-------- C:\Temp\xOe
    2007-10-07 15:12 d-------- C:\Documents and Settings\Huynh\Application Data\AVG7
    2007-10-07 15:11 d-------- C:\Program Files\Grisoft(2)
    2007-10-07 15:11 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
    2007-10-06 01:56 d-------- C:\Program Files\Veoh Networks
    2007-10-06 01:55 d-------- C:\WINDOWS\Downloaded Installations
    2007-10-02 18:17 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-09-30 12:44 123,264 --a--c--- C:\WINDOWS\system32\dllcache\usbport.sys
    2007-09-30 12:44 67,072 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
    2007-09-30 12:44 50,688 --a--c--- C:\WINDOWS\system32\dllcache\usbhub.sys
    2007-09-29 22:28 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-09-29 22:26 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
    2007-09-29 22:26 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
    2007-09-29 22:26 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
    2007-09-29 21:54 d-------- C:\Program Files\Brother
    2007-09-29 21:54 d-------- C:\Brother
    2007-09-29 21:54 679,936 --a------ C:\WINDOWS\system32\SendDial.exe
    2007-09-29 21:54 151,552 --a------ C:\WINDOWS\system32\brfxcom.dll
    2007-09-29 21:54 147,456 --------- C:\WINDOWS\brunin03.dll
    2007-09-29 21:54 32,768 --a------ C:\WINDOWS\system32\brfxdial.dll
    2007-09-29 21:49 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-09-29 21:49 24,960 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-09-29 21:49 24,832 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-09-29 21:49 24,832 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-09-29 17:59 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-09-29 01:06 d-------- C:\Documents and Settings\Huynh\Shared
    2007-09-29 01:06 d-------- C:\Documents and Settings\Huynh\Incomplete
    2007-09-29 01:06 d-------- C:\Documents and Settings\Huynh\Application Data\LimeWire
    2007-09-29 01:05 d-------- C:\Program Files\Java
    2007-09-29 01:03 d-------- C:\Program Files\LimeWire
    2007-09-29 01:03 d-------- C:\Program Files\Common Files\Java
    2007-09-28 18:52 d-------- C:\Documents and Settings\Huynh\Application Data\Viewpoint
    2007-09-24 16:50 d-------- C:\Program Files\Winamp
    2007-09-23 18:46 d---s---- C:\Documents and Settings\Huynh\UserData
    2007-09-23 18:18 d-------- C:\Program Files\Yahoo!
    2007-09-23 18:18 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2007-09-23 18:18 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
    2007-09-23 18:18 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
    2007-09-23 16:52 d-------- C:\Program Files\Visual Networks
    2007-09-23 16:52 d-------- C:\Documents and Settings\All Users\Application Data\Visual Networks
    2007-09-23 16:51 d-------- C:\Program Files\BroadJump
    2007-09-23 16:51 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-09-23 16:49 49,424 --a------ C:\WINDOWS\system32\clspack.exe
    2007-09-23 16:48 d-------- C:\Temp
    2007-09-22 22:54 d-------- C:\Documents and Settings\Huynh\Application Data\vlc
    2007-09-22 22:51 d-------- C:\Documents and Settings\Huynh\Application Data\dvdcss
    2007-09-22 22:50 d-------- C:\Program Files\VideoLAN
    2007-09-22 21:47 d-------- C:\3fd7f1c6956d9a8873ded0f6e559d5ef
    2007-09-22 21:46 d-------- C:\4
    2007-09-22 21:42 218,624 --a------ C:\WINDOWS\system32\srrstr.dll
    2007-09-22 21:42 218,624 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
    2007-09-22 21:40 d--h-c--- C:\WINDOWS\$xpsp1hfm$
    2007-09-22 21:40 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
    2007-09-22 20:36 d-------- C:\WINDOWS\system32\bits
    2007-09-22 20:35 361,984 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
    2007-09-22 20:35 331,776 --a------ C:\WINDOWS\system32\winhttp.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-30 04:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-30 04:54 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-09-21 00:21 --------- d-----w C:\Program Files\microsoft frontpage
    2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-31 02:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-20 07:57 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll
    2007-07-20 07:54 66,408 ----a-w C:\WINDOWS\system32\dxdllreg.exe
    2007-07-20 07:54 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll
    2007-07-20 01:14 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll
    2007-07-20 01:14 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
    2007-07-20 01:14 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll
    2005-08-02 23:46:54 187,904 --sha-r C:\WINDOWS\SHV5bmg\asappsrv.dll
    2005-08-02 23:58:38 293,888 --sha-r C:\WINDOWS\SHV5bmg\command.exe
    2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\SHV5bmg\mJpcvA0.vbs
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02829ABF-5613-4422-8D98-DE71436A1536}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C01D705-362E-4A9D-39A1-D1C075AB102A}]
    C:\Program Files\WindowsUpdate\lavu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6896FC52-567D-4398-9C33-A67D2607939D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A70C9D8-99E3-4049-ABC6-219EC2DAFC04}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b676977-bad9-4352-bf85-f7d7bbd419cf}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5159DF-E413-4878-8AE2-D921D41BB942}]
    2007-10-13 16:49 421888 --a------ C:\WINDOWS\System32\bkini.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@ "=" " []
    "AlcxMonitor "= "ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
    "IgfxTray "= "C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51]
    "BJCFD "= "C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
    "IPInSightLAN 02 "= "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52]
    "IPInSightMonitor 02 "= "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "SetDefPrt "= "C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 15:31]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-13 20:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@ "=" " []
    "AIM "= "C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
    "Veoh "= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 17:31]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfeefg]
    khfeefg.dll

    S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\System32\Drivers\Brfilt.sys
    S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\System32\Drivers\BrSerWdm.sys
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\System32\Drivers\BrUsbMdm.sys
    S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\System32\Drivers\BrUsbScn.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-15 19:13:54
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-15 19:15:21 - machine was rebooted
    .
    --- E O F ---


    Here's the HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:17:05 PM, on 10/15/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    O2 - BHO: 0 - {2C01D705-362E-4A9D-39A1-D1C075AB102A} - C:\Program Files\WindowsUpdate\lavu.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Flash Module - {7A70C9D8-99E3-4049-ABC6-219EC2DAFC04} - btaskv.dll (file missing)
    O2 - BHO: IKatzu Class - {EA5159DF-E413-4878-8AE2-D921D41BB942} - C:\WINDOWS\System32\bkini.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192416121077
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - Winlogon Notify: khfeefg - khfeefg.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

    --
    End of file - 6529 bytes
     
  7. 2007/10/16
    noahdfear

    Copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/showthread.php?p=368337#post368337
    
    Collect::[22]
    C:\WINDOWS\system32\rc.dat
    C:\WINDOWS\system32\ps1.dat
    C:\WINDOWS\system32\cs.dat
    C:\WINDOWS\system32\cookie1.dat
    C:\WINDOWS\system32\boa1.dat
    C:\Documents and Settings\Huynh\1967950163.exe
    C:\Documents and Settings\Huynh\1704646139.exe
    C:\Documents and Settings\Huynh\f17046461391704646139.exe
    C:\WINDOWS\system32\btaskv.dll
    C:\WINDOWS\system32\conf.dat
    C:\WINDOWS\system32\bkini.dll
    C:\WINDOWS\system32\artchker.exe
    C:\WINDOWS\system32\katzppd.exe
    C:\WINDOWS\system32\katzpa.exe
    C:\WINDOWS\system32\IKatzuUninstall.exe
    File::
    C:\WINDOWS\system32\kmllm.bak2
    C:\WINDOWS\system32\kmllm.bak1
    C:\WINDOWS\system32\msxml3a.dll
    2007-10-13 16:48 d-------- 
    Folder::
    C:\WINDOWS\system32\oTt11e
    C:\Temp\fCOe
    C:\WINDOWS\system32\vMW02a
    C:\WINDOWS\system32\que1
    C:\WINDOWS\system32\kat1
    C:\WINDOWS\system32\ipd2
    C:\WINDOWS\system32\hap1
    C:\WINDOWS\system32\comms2
    C:\Temp\xOe
    C:\WINDOWS\SHV5bmg
    DirLook::
    C:\Program Files\Temporary
    C:\VundoFix Backups
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02829ABF-5613-4422-8D98-DE71436A1536}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C01D705-362E-4A9D-39A1-D1C075AB102A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6896FC52-567D-4398-9C33-A67D2607939D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A70C9D8-99E3-4049-ABC6-219EC2DAFC04}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b676977-bad9-4352-bf85-f7d7bbd419cf}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5159DF-E413-4878-8AE2-D921D41BB942}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfeefg] 
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Please note that I have instructed CFScript to collect some files for analysis. This means that at some point, likely after reboot when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created on your desktop. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. Make sure the computer has an internet connection. Thanks!
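
Added example (not part of the original post and not ComboFix's own code): a small Python check that parses a CFScript like the one above, flags entries that are not paths, and lists any Collect::, File:: or Folder:: target that does not appear under the "Other Deletions" banner of the resulting ComboFix log. It assumes those three sections are expected to end in a deletion; the sample script and log are constructed and abbreviated, and `C:\Example\not-removed` is a made-up path.

```python
import re

SECTION = re.compile(r"^([A-Za-z0-9]+)::")        # "Collect::[22]", "File::", ...
WIN_PATH = re.compile(r"^[A-Za-z]:\\")            # drive-letter absolute path
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")       # "((((   Other Deletions   ))))"
# Assumption: targets in these sections should show up as deleted in the log.
REMOVAL_SECTIONS = ("collect", "file", "folder")

# Constructed sample, abbreviated to the shape of the script in the post.
SAMPLE_SCRIPT = r"""
Collect::[22]
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\bkini.dll
File::
C:\WINDOWS\system32\kmllm.bak1
2007-10-13 16:48 d--------
Folder::
C:\WINDOWS\SHV5bmg
C:\Example\not-removed
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfeefg]
"""

# Constructed sample in the layout of a ComboFix log.
SAMPLE_LOG = r"""
(((((((((((((((   Other Deletions   )))))))))))))))
.
C:\WINDOWS\SHV5bmg
C:\WINDOWS\SHV5bmg\command.exe
C:\WINDOWS\system32\bkini.dll
C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\system32\rc.dat
.
(((((((   Files Created from 2007-09-17 to 2007-10-17  )))))))
.
2007-10-15 19:10	51,200	--a------	C:\WINDOWS\NirCmd.exe
"""


def parse_cfscript(text):
    """Return ({section: [entries]}, [(section, malformed_line)])."""
    sections, malformed, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current in REMOVAL_SECTIONS:
            # Only absolute paths are valid targets here; anything else
            # (such as a pasted directory-listing line) is reported.
            if WIN_PATH.match(line):
                sections[current].append(line)
            else:
                malformed.append((current, line))
        elif current is not None:
            sections[current].append(line)   # e.g. Registry:: / DirLook:: lines
        # Lines before the first section header (the thread URL) are ignored.
    return sections, malformed


def parse_deletions(log_text):
    """Return lower-cased paths listed under the 'Other Deletions' banner."""
    deleted, in_section = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            in_section = m.group(1).lower() == "other deletions"
        elif in_section and WIN_PATH.match(line):
            deleted.add(line.lower())        # Windows paths compare case-insensitively
    return deleted


def unremoved_targets(script_text, log_text):
    """Return (targets missing from the deletions list, malformed script lines)."""
    sections, malformed = parse_cfscript(script_text)
    deleted = parse_deletions(log_text)
    missing = [
        (name, path)
        for name in REMOVAL_SECTIONS
        for path in sections.get(name, [])
        if path.lower() not in deleted
    ]
    return missing, malformed


if __name__ == "__main__":
    missing, malformed = unremoved_targets(SAMPLE_SCRIPT, SAMPLE_LOG)
    for section, path in missing:
        print(f"not in Other Deletions: [{section}] {path}")
    for section, line in malformed:
        print(f"not a path: [{section}] {line}")
```

A target missing from the deletions list is not proof it survived (it may never have existed), so treat each hit as a path to check by hand.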
     
  8. 2007/10/16
    Helenster

    Here's the ComboFix log:
    Code:
    ComboFix 07-10-12.4 - Huynh 2007-10-16 21:37:44.2 - NTFSx86 
    Microsoft Windows XP Professional  5.1.2600.0.1252.1.1033.18.166 [GMT -7:00]
    Running from: C:\Documents and Settings\Huynh\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Huynh\Desktop\CFScript.txt
     * Created a new restore point
    
    FILE::
    C:\WINDOWS\system32\kmllm.bak1
    C:\WINDOWS\system32\kmllm.bak2
    C:\WINDOWS\system32\msxml3a.dll
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    C:\Documents and Settings\Huynh\1704646139.exe
    C:\Documents and Settings\Huynh\1967950163.exe
    C:\Documents and Settings\Huynh\f17046461391704646139.exe
    C:\Temp\fCOe
    C:\Temp\xOe
    C:\Temp\xOe\tOasF.log
    C:\WINDOWS\SHV5bmg
    C:\WINDOWS\SHV5bmg\asappsrv.dll
    C:\WINDOWS\SHV5bmg\command.exe
    C:\WINDOWS\SHV5bmg\mJpcvA0.vbs
    C:\WINDOWS\system32\artchker.exe
    C:\WINDOWS\system32\bkini.dll
    C:\WINDOWS\system32\boa1.dat
    C:\WINDOWS\system32\btaskv.dll
    C:\WINDOWS\system32\comms2
    C:\WINDOWS\system32\conf.dat
    C:\WINDOWS\system32\cookie1.dat
    C:\WINDOWS\system32\cs.dat
    C:\WINDOWS\system32\hap1
    C:\WINDOWS\system32\hap1\rewva12.exe
    C:\WINDOWS\system32\IKatzuUninstall.exe
    C:\WINDOWS\system32\ipd2
    C:\WINDOWS\system32\kat1
    C:\WINDOWS\system32\kat1\IKtzudll2.exe
    C:\WINDOWS\system32\katzpa.exe
    C:\WINDOWS\system32\katzppd.exe
    C:\WINDOWS\system32\kmllm.bak1
    C:\WINDOWS\system32\kmllm.bak2
    C:\WINDOWS\system32\msxml3a.dll
    C:\WINDOWS\system32\oTt11e
    C:\WINDOWS\system32\ps1.dat
    C:\WINDOWS\system32\que1
    C:\WINDOWS\system32\que1\aded83122.exe
    C:\WINDOWS\system32\rc.dat
    C:\WINDOWS\system32\vMW02a
    
    .
    (((((((((((((((((((((((((   Files Created from 2007-09-17 to 2007-10-17  )))))))))))))))))))))))))))))))
    .
    
    2007-10-15 21:21		d--------	C:\WINDOWS\system32\URTTemp
    2007-10-15 19:38		d--------	C:\Program Files\Red Kawa
    2007-10-15 19:10	51,200	--a------	C:\WINDOWS\NirCmd.exe
    2007-10-14 20:20		d--------	C:\VundoFix Backups
    2007-10-14 13:54		d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-14 04:36		d--------	C:\New Folder
    2007-10-14 03:57		d--------	C:\hijackthis
    2007-10-14 03:26		d--------	C:\WINDOWS\pss
    2007-10-14 01:10		d--------	C:\WINDOWS\system32\Kaspersky Lab
    2007-10-14 01:10		d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-13 23:47		d--------	C:\WINDOWS\Sun
    2007-10-13 20:00		d--------	C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-13 20:00		d--------	C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-13 20:00		d--------	C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-13 19:59		d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-13 17:16		d---s----	C:\WINDOWS\system32\Microsoft
    2007-10-13 17:14		d--------	C:\Program Files\Grisoft(3)
    2007-10-13 17:14		d--------	C:\Documents and Settings\All Users\Application Data\Grisoft(3)
    2007-10-13 16:52		d--------	C:\Program Files\Temporary
    2007-10-07 15:12		d--------	C:\Documents and Settings\Huynh\Application Data\AVG7
    2007-10-07 15:11		d--------	C:\Program Files\Grisoft(2)
    2007-10-07 15:11		d--------	C:\Documents and Settings\All Users\Application Data\Grisoft(2)
    2007-10-06 01:56		d--------	C:\Program Files\Veoh Networks
    2007-10-06 01:55		d--------	C:\WINDOWS\Downloaded Installations
    2007-10-02 18:17		d--------	C:\Documents and Settings\All Users\Application Data\Avg7
    2007-09-30 12:44	123,264	--a--c---	C:\WINDOWS\system32\dllcache\usbport.sys
    2007-09-30 12:44	67,072	--a--c---	C:\WINDOWS\system32\dllcache\usbui.dll
    2007-09-30 12:44	50,688	--a--c---	C:\WINDOWS\system32\dllcache\usbhub.sys
    2007-09-29 22:28	21,760	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-09-29 22:26	45,056	--a------	C:\WINDOWS\system32\vusetup.dll
    2007-09-29 22:26	11,392	--a------	C:\WINDOWS\system32\drivers\vulfntr.sys
    2007-09-29 22:26	6,912	--a------	C:\WINDOWS\system32\drivers\vulfnth.sys
    2007-09-29 21:54		d--------	C:\Program Files\Brother
    2007-09-29 21:54		d--------	C:\Brother
    2007-09-29 21:54	679,936	--a------	C:\WINDOWS\system32\SendDial.exe
    2007-09-29 21:54	151,552	--a------	C:\WINDOWS\system32\brfxcom.dll
    2007-09-29 21:54	147,456	---------	C:\WINDOWS\brunin03.dll
    2007-09-29 21:54	32,768	--a------	C:\WINDOWS\system32\brfxdial.dll
    2007-09-29 21:49	24,960	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-09-29 21:49	24,960	--a--c---	C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-09-29 21:49	24,832	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
    2007-09-29 21:49	24,832	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-09-29 17:59	499,712	--a------	C:\WINDOWS\system32\msvcp71.dll
    2007-09-29 01:06		d--------	C:\Documents and Settings\Huynh\Shared
    2007-09-29 01:06		d--------	C:\Documents and Settings\Huynh\Incomplete
    2007-09-29 01:06		d--------	C:\Documents and Settings\Huynh\Application Data\LimeWire
    2007-09-29 01:05		d--------	C:\Program Files\Java
    2007-09-29 01:03		d--------	C:\Program Files\LimeWire
    2007-09-29 01:03		d--------	C:\Program Files\Common Files\Java
    2007-09-28 18:52		d--------	C:\Documents and Settings\Huynh\Application Data\Viewpoint
    2007-09-24 16:50		d--------	C:\Program Files\Winamp
    2007-09-23 18:46		d---s----	C:\Documents and Settings\Huynh\UserData
    2007-09-23 18:18		d--------	C:\Program Files\Yahoo!
    2007-09-23 18:18	344,064	--a------	C:\WINDOWS\system32\msvcr70.dll
    2007-09-23 18:18	84,992	--a------	C:\WINDOWS\system32\ATL70.DLL
    2007-09-23 18:18	65,536	--a------	C:\WINDOWS\system32\YCRWin32.dll
    2007-09-23 16:52		d--------	C:\Program Files\Visual Networks
    2007-09-23 16:52		d--------	C:\Documents and Settings\All Users\Application Data\Visual Networks
    2007-09-23 16:51		d--------	C:\Program Files\BroadJump
    2007-09-23 16:51	306,688	--a------	C:\WINDOWS\IsUninst.exe
    2007-09-23 16:49	49,424	--a------	C:\WINDOWS\system32\clspack.exe
    2007-09-23 16:48		d--------	C:\Temp
    2007-09-22 22:54		d--------	C:\Documents and Settings\Huynh\Application Data\vlc
    2007-09-22 22:51		d--------	C:\Documents and Settings\Huynh\Application Data\dvdcss
    2007-09-22 22:50		d--------	C:\Program Files\VideoLAN
    2007-09-22 21:47		d--------	C:\3fd7f1c6956d9a8873ded0f6e559d5ef
    2007-09-22 21:46		d--------	C:\4
    2007-09-22 21:42	218,624	--a------	C:\WINDOWS\system32\srrstr.dll
    2007-09-22 21:42	218,624	--a--c---	C:\WINDOWS\system32\dllcache\srrstr.dll
    2007-09-22 21:40		d--h-c---	C:\WINDOWS\$xpsp1hfm$
    2007-09-22 21:40	26,112	--a------	C:\WINDOWS\system32\xpsp1hfm.exe
    2007-09-22 20:36		d--------	C:\WINDOWS\system32\bits
    2007-09-22 20:35	361,984	--a--c---	C:\WINDOWS\system32\dllcache\qmgr.dll
    2007-09-22 20:35	331,776	--a------	C:\WINDOWS\system32\winhttp.dll
    2007-09-22 20:35	158,720	--a------	C:\WINDOWS\system32\xpob2res.dll
    2007-09-22 20:35	17,408	--a------	C:\WINDOWS\system32\qmgrprxy.dll
    2007-09-22 20:35	17,408	--a--c---	C:\WINDOWS\system32\dllcache\qmgrprxy.dll
    2007-09-22 20:35	7,680	-----c---	C:\WINDOWS\system32\dllcache\bitsprx2.dll
    2007-09-22 20:35	7,680	--a------	C:\WINDOWS\system32\bitsprx2.dll
    2007-09-22 20:35	7,168	-----c---	C:\WINDOWS\system32\dllcache\bitsprx3.dll
    2007-09-22 20:35	7,168	--a------	C:\WINDOWS\system32\bitsprx3.dll
    2007-09-22 20:29	549,720	--a------	C:\WINDOWS\system32\wuapi.dll
    2007-09-22 20:29	325,976	--a------	C:\WINDOWS\system32\wucltui.dll
    2007-09-22 20:29	203,096	--a------	C:\WINDOWS\system32\wuweb.dll
    2007-09-22 20:29	186,136	--a------	C:\WINDOWS\system32\wuaueng1.dll
    2007-09-22 20:29	167,704	--a------	C:\WINDOWS\system32\wuauclt1.exe
    2007-09-22 20:29	33,624	--a------	C:\WINDOWS\system32\wups.dll
    2007-09-21 18:36		d--------	C:\Documents and Settings\Huynh\Application Data\Ventrilo
    2007-09-21 18:35		d--------	C:\Program Files\Ventrilo
    2007-09-21 18:35		d--------	C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-20 20:06		d--------	C:\Program Files\Viewpoint
    2007-09-20 20:06		d--------	C:\Program Files\AOD
    2007-09-20 20:06		d--------	C:\Program Files\AIM
    2007-09-20 20:06		d--------	C:\Documents and Settings\Huynh\Application Data\Aim
    2007-09-20 20:06		d--------	C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-09-20 20:06	348,160	--a------	C:\WINDOWS\system32\msvcr71.dll
    2007-09-20 19:08	17,920	--a------	C:\WINDOWS\system32\mdimon.dll
    2007-09-20 19:06		d--------	C:\Program Files\Microsoft.NET
    2007-09-20 19:06		d--------	C:\Program Files\Microsoft ActiveSync
    2007-09-20 19:04		d--------	C:\WINDOWS\SHELLNEW
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-30 04:54	---------	d--h--w	C:\Program Files\InstallShield Installation Information
    2007-09-30 04:54	---------	d-----w	C:\Program Files\Common Files\InstallShield
    2007-09-21 00:21	---------	d-----w	C:\Program Files\microsoft frontpage
    2007-07-31 02:19	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
    2007-07-31 02:19	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
    2007-07-31 02:19	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
    2007-07-31 02:19	1,712,984	----a-w	C:\WINDOWS\system32\wuaueng.dll
    2007-07-31 02:18	207,736	----a-w	C:\WINDOWS\system32\muweb.dll
    2007-07-20 07:57	267,112	----a-w	C:\WINDOWS\system32\xactengine2_9.dll
    2007-07-20 07:54	66,408	----a-w	C:\WINDOWS\system32\dxdllreg.exe
    2007-07-20 07:54	18,280	----a-w	C:\WINDOWS\system32\x3daudio1_2.dll
    2007-07-20 01:14	444,776	----a-w	C:\WINDOWS\system32\d3dx10_35.dll
    2007-07-20 01:14	3,727,720	----a-w	C:\WINDOWS\system32\d3dx9_35.dll
    2007-07-20 01:14	1,358,192	----a-w	C:\WINDOWS\system32\D3DCompiler_35.dll
    .
    
    ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    ---- Directory of C:\Program Files\Temporary ----
    
    
    ---- Directory of C:\VundoFix Backups ----
    
    2007-10-14 20:22	33	--a------	C:\VundoFix Backups\addmorefiles.txt 
    
    
    (((((((((((((((((((((((((((((   snapshot@2007-10-15_19.14.19.82   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2001-08-23 12:00:00	2,044,928	-c----w	C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msi.dll
    + 2001-08-23 12:00:00	63,488	-c----w	C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
    + 2001-08-23 12:00:00	304,640	-c----w	C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msihnd.dll
    + 2001-08-23 12:00:00	847,872	-c----w	C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msimsg.dll
    + 2001-08-23 12:00:00	39,936	-c----w	C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msisip.dll
    + 2005-05-04 21:45:26	209,632	-c----w	C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
    + 2005-05-04 21:45:28	371,936	-c----w	C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll
    + 2007-10-16 04:21:22	7,680	----a-w	C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2007-10-16 04:21:16	12,288	----a-w	C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2007-10-16 04:21:22	33,792	----a-w	C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2007-10-16 04:21:29	7,168	----a-w	C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2007-10-16 04:21:22	32,768	----a-w	C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
    + 2007-10-16 04:21:22	4,608	----a-w	C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2007-10-16 04:21:22	26,112	----a-w	C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2007-10-16 04:21:16	716,800	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2007-10-16 04:21:15	28,672	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2007-10-16 04:21:16	299,008	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2007-10-16 04:21:16	6,144	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
    + 2007-10-16 04:21:15	11,264	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2007-10-16 04:21:14	32,768	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2007-10-16 04:21:15	6,656	----a-w	C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2007-10-16 04:21:24	1,564,672	----a-w	C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
    + 2007-10-16 04:21:29	32,768	----a-w	C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
    + 2007-10-16 04:21:24	77,824	----a-w	C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2007-10-16 04:21:30	299,008	----a-w	C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2007-10-16 04:21:24	1,290,240	----a-w	C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
    + 2007-10-16 04:21:24	1,699,840	----a-w	C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
    + 2007-10-16 04:21:25	86,016	----a-w	C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2007-10-16 04:21:25	65,536	----a-w	C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2007-10-16 04:21:26	466,944	----a-w	C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2007-10-16 04:21:25	241,664	----a-w	C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2007-10-16 04:21:25	64,000	----a-w	C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
    + 2007-10-16 04:21:26	368,640	----a-w	C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
    + 2007-10-16 04:21:26	241,664	----a-w	C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2007-10-16 04:21:26	323,584	----a-w	C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2007-10-16 04:21:26	131,072	----a-w	C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2007-10-16 04:21:26	77,824	----a-w	C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2007-10-16 04:21:26	126,976	----a-w	C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2007-10-16 04:21:29	819,200	----a-w	C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2007-10-16 04:21:27	57,344	----a-w	C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2007-10-16 04:21:28	569,344	----a-w	C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2007-10-16 04:21:27	1,245,184	----a-w	C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2007-10-16 04:21:28	2,039,808	----a-w	C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2007-10-16 04:21:29	1,335,296	----a-w	C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
    + 2007-10-16 04:21:25	1,216,512	----a-w	C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2007-10-16 04:35:12	68,608	----a-w	C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2007-10-16 04:35:27	72,192	----a-w	C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2007-10-16 04:35:28	4,308,992	----a-w	C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2007-10-16 04:35:29	482,304	----a-w	C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2007-10-16 04:35:22	2,878,976	----a-w	C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2007-10-16 04:35:03	258,048	----a-w	C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2007-10-16 04:35:03	114,176	----a-w	C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2007-10-16 04:35:35	260,096	----a-w	C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2007-10-16 04:35:17	5,025,792	----a-w	C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2007-10-16 04:35:11	10,752	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2007-10-16 04:35:02	503,808	----a-w	C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2007-10-16 04:35:06	13,312	----a-w	C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2007-10-16 04:35:25	8,192	----a-w	C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2007-10-16 04:35:25	36,864	----a-w	C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2007-10-16 04:35:26	5,632	----a-w	C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2007-10-16 04:35:08	413,696	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2007-10-16 04:35:09	36,864	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2007-10-16 04:35:10	647,168	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2007-10-16 04:35:10	73,728	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2007-10-16 04:35:07	745,472	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2007-10-16 04:35:38	110,592	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2007-10-16 04:35:37	372,736	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2007-10-16 04:34:56	28,672	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2007-10-16 04:35:37	667,648	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2007-10-16 04:35:38	5,632	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2007-10-16 04:34:59	12,800	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2007-10-16 04:34:58	32,768	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2007-10-16 04:34:58	7,168	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2007-10-16 04:35:32	110,592	----a-w	C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2007-10-16 04:35:13	81,920	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2007-10-16 04:35:32	389,120	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2007-10-16 04:35:29	716,800	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2007-10-16 04:35:05	884,736	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
     
  9. 2007/10/16
    Helenster

    ComboFix log cont.:
    Code:
    + 2005-09-23 14:28:32	298,496	----a-w	C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2005-09-23 14:28:56	28,160	----a-w	C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    - 2007-10-16 02:11:21	258,048	----a-w	C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2007-10-17 04:37:23	258,048	----a-w	C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2005-09-23 14:28:38	83,456	----a-w	C:\WINDOWS\system32\dfshim.dll
    - 2001-08-23 12:00:00	2,044,928	-c--a-w	C:\WINDOWS\system32\dllcache\msi.dll
    + 2005-05-04 21:45:32	2,890,240	-c--a-w	C:\WINDOWS\system32\dllcache\msi.dll
    - 2001-08-23 12:00:00	63,488	-c--a-w	C:\WINDOWS\system32\dllcache\msiexec.exe
    + 2005-05-04 21:45:36	78,848	-c--a-w	C:\WINDOWS\system32\dllcache\msiexec.exe
    - 2001-08-23 12:00:00	304,640	-c--a-w	C:\WINDOWS\system32\dllcache\msihnd.dll
    + 2005-05-04 21:45:36	271,360	-c--a-w	C:\WINDOWS\system32\dllcache\msihnd.dll
    - 2001-08-23 12:00:00	847,872	-c--a-w	C:\WINDOWS\system32\dllcache\msimsg.dll
    + 2005-05-04 21:45:36	884,736	-c--a-w	C:\WINDOWS\system32\dllcache\msimsg.dll
    - 2001-08-23 12:00:00	39,936	-c--a-w	C:\WINDOWS\system32\dllcache\msisip.dll
    + 2005-05-04 21:45:36	15,360	-c--a-w	C:\WINDOWS\system32\dllcache\msisip.dll
    + 2005-09-23 14:28:52	270,848	----a-w	C:\WINDOWS\system32\mscoree.dll
    + 2005-09-23 14:28:52	150,016	----a-w	C:\WINDOWS\system32\mscorier.dll
    + 2005-09-23 14:28:52	74,240	----a-w	C:\WINDOWS\system32\mscories.dll
    - 2001-08-23 12:00:00	2,044,928	----a-w	C:\WINDOWS\system32\msi.dll
    + 2005-05-04 21:45:32	2,890,240	----a-w	C:\WINDOWS\system32\msi.dll
    - 2001-08-23 12:00:00	63,488	----a-w	C:\WINDOWS\system32\msiexec.exe
    + 2005-05-04 21:45:36	78,848	----a-w	C:\WINDOWS\system32\msiexec.exe
    - 2001-08-23 12:00:00	304,640	----a-w	C:\WINDOWS\system32\msihnd.dll
    + 2005-05-04 21:45:36	271,360	----a-w	C:\WINDOWS\system32\msihnd.dll
    - 2001-08-23 12:00:00	847,872	----a-w	C:\WINDOWS\system32\msimsg.dll
    + 2005-05-04 21:45:36	884,736	----a-w	C:\WINDOWS\system32\msimsg.dll
    - 2001-08-23 12:00:00	39,936	----a-w	C:\WINDOWS\system32\msisip.dll
    + 2005-05-04 21:45:36	15,360	----a-w	C:\WINDOWS\system32\msisip.dll
    + 2003-02-21 01:43:36	4,096	----a-w	C:\WINDOWS\system32\mui\0409\mscoreer.dll
    + 2005-09-23 14:29:00	6,144	----a-w	C:\WINDOWS\system32\mui\0409\mscorees.dll
    + 2003-02-21 02:16:34	32,768	----a-w	C:\WINDOWS\system32\netfxperf.dll
    - 2007-09-23 11:11:15	39,992	----a-w	C:\WINDOWS\system32\perfc009.dat
    + 2007-10-16 04:38:11	62,344	----a-w	C:\WINDOWS\system32\perfc009.dat
    - 2007-09-23 11:11:15	311,604	----a-w	C:\WINDOWS\system32\perfh009.dat
    + 2007-10-16 04:38:11	401,064	----a-w	C:\WINDOWS\system32\perfh009.dat
    + 2003-02-21 02:06:20	282,624	----a-w	C:\WINDOWS\system32\URTTemp\fusion.dll
    + 2003-02-21 02:06:24	155,648	----a-w	C:\WINDOWS\system32\URTTemp\mscoree.dll
    + 2003-02-21 02:09:18	77,824	----a-w	C:\WINDOWS\system32\URTTemp\mscorsn.dll
    + 2003-02-21 02:08:32	2,482,176	----a-w	C:\WINDOWS\system32\URTTemp\mscorwks.dll
    + 2003-02-21 11:42:22	348,160	----a-w	C:\WINDOWS\system32\URTTemp\msvcr71.dll
    + 2003-02-21 12:16:08	49,152	----a-w	C:\WINDOWS\system32\URTTemp\regtlib.exe
    + 2005-09-23 14:29:16	479,232	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    + 2005-09-23 14:29:16	548,864	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    + 2005-09-23 14:29:16	626,688	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    + 2007-10-16 04:35:03	258,048	----a-w	C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2007-10-16 04:35:03	114,176	----a-w	C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "@ "=" " []
     "AlcxMonitor "= "ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
     "IgfxTray "= "C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55]
     "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51]
     "BJCFD "= "C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
     "IPInSightLAN 02 "= "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52]
     "IPInSightMonitor 02 "= "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52]
     "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22]
     "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
     "SetDefPrt "= "C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 15:31]
     "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-13 20:00]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "@ "=" " []
     "AIM "= "C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
     "Veoh "= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 17:31]
     "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
    
    S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\System32\Drivers\Brfilt.sys
    S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\System32\Drivers\BrSerWdm.sys
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\System32\Drivers\BrUsbMdm.sys
    S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\System32\Drivers\BrUsbScn.sys
    
    .
    **************************************************************************
    
    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-16 21:41:09
    Windows 5.1.2600  NTFS
    
    scanning hidden processes ... 
    
    scanning hidden autostart entries ...
    
    scanning hidden files ... 
    
    scan completed successfully 
    hidden files: 0 
    
    **************************************************************************
    .
    Completion time: 2007-10-16 21:42:56 - machine was rebooted 
    C:\ComboFix2.txt ... 2007-10-15 19:15
    .
    	--- E O F ---
    Here's the HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:48:09 PM, on 10/16/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192416121077
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

    --
    End of file - 6144 bytes
     
  10. 2007/10/17
    noahdfear

    Looking good!

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot

    Now, let's make sure we haven't missed anything. Please do an online scan with Kaspersky WebScanner.

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here.
     
  11. 2007/10/18
    Helenster

    Here's the Kaspersky log:
    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 33394
    Number of viruses found: 10
    Number of infected objects: 32
    Number of suspicious objects: 3
    Duration of the scan process: 00:48:09

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.5/wbuninst.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\Huynh\Application Data\Aim\umnhxljo\magicboy91745\cert8.db Object is locked skipped
    C:\Documents and Settings\Huynh\Application Data\Aim\umnhxljo\magicboy91745\key3.db Object is locked skipped
    C:\Documents and Settings\Huynh\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Huynh\Desktop\[22]-Submit_2007-10-16@21.37.zip/1704646139.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bnq skipped
    C:\Documents and Settings\Huynh\Desktop\[22]-Submit_2007-10-16@21.37.zip/1704646139.exe Infected: Trojan-Downloader.Win32.VB.bnq skipped
    C:\Documents and Settings\Huynh\Desktop\[22]-Submit_2007-10-16@21.37.zip/f17046461391704646139.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bnq skipped
    C:\Documents and Settings\Huynh\Desktop\[22]-Submit_2007-10-16@21.37.zip/f17046461391704646139.exe Infected: Trojan-Downloader.Win32.VB.bnq skipped
    C:\Documents and Settings\Huynh\Desktop\[22]-Submit_2007-10-16@21.37.zip ZIP: infected - 4 skipped
    C:\Documents and Settings\Huynh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Huynh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Huynh\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Huynh\Local Settings\Temp\~DF72F7.tmp Object is locked skipped
    C:\Documents and Settings\Huynh\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Huynh\My Documents\HW\Chapter 13 Notes.doc Object is locked skipped
    C:\Documents and Settings\Huynh\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Huynh\NTUSER.DAT.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\hijackthis\backups\backup-20071014-041342-679 Suspicious: Exploit.HTML.Mht skipped
    C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
    C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
    C:\qoobox\Quarantine\C\Documents and Settings\Huynh\~tmp1174.exe.vir/data0006 Infected: Trojan-Downloader.Win32.VB.bnq skipped
    C:\qoobox\Quarantine\C\Documents and Settings\Huynh\~tmp1174.exe.vir NSIS: infected - 1 skipped
    C:\qoobox\Quarantine\C\Program Files\Internet Explorer\hokesotu4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\qoobox\Quarantine\C\Program Files\Internet Explorer\hokesotu83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\qoobox\Quarantine\C\WINDOWS\SHV5bmg\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\qoobox\Quarantine\C\WINDOWS\SHV5bmg\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\que1\aded83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\que1\aded83122.exe.vir NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP40\A0012841.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP40\A0012842.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP40\A0012843.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP45\A0013191.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gg skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP45\A0013192.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gh skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP45\A0013197.dll Infected: not-a-virus:AdWare.Win32.AdBand.b skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP45\A0013198.exe Infected: not-a-virus:Downloader.Win32.Agent.q skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP52\A0014513.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP54\A0014526.dll Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014537.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014538.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014539.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014548.dll Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014549.dll Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014550.dll Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014551.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014552.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014553.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014554.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014555.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014556.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014557.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014558.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP55\A0014559.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP56\A0014605.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014925.dll Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014927.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014928.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014929.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014930.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014931.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014932.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014933.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014934.dll Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014935.dll Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014936.dll Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014937.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0014938.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0015986.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0015986.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP62\A0016033.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP65\A0016147.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bnq skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP65\A0016147.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP65\A0016148.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP65\A0016149.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP68\A0016423.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP68\A0016424.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP68\A0016426.exe Object is locked skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP68\A0016428.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP68\A0016428.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{CA62988B-1B47-4A6E-B0D9-4A41FFFCF892}\RP69\change.log Object is locked skipped
    C:\WINDOWS\Debug\oakley.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  12. 2007/10/18
    noahdfear

    Looks great!
    Delete the [22]-Submit_2007-10-16@21.37.zip file from the desktop.
    Delete VundoFix.exe
    Start ComboFix and select 2 at the Disclaimer screen to exit and uninstall ComboFix, and remove the files/folders it created.

    Empty the recycle bin.

    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    Your computer is now clean! See if you can get those Windows Updates applied.

    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
  13. 2007/10/21
    Helenster

    Thanks for the help! His computer seems fine now. :)
     
  14. 2007/10/21
    noahdfear

    Glad to help :)
     
