62 Hits For Malware! Hjt Log Included[INACTIVE]

[Hybridhawk]

I was hit with a really nasty set of viruses/trojans/malware about 12 hours ago and I have spent the last 12 hours working on this problem. I think I have flushed most of the nasty stuff out, I ran malwarebytes and removed 62 items from my computer. I re-ran the program and had no hits, but I have run a HJT log and do not know how to read it. I am still having a very obvious problem with my computer because my desktop is white and no amount of fidgeting has fixed it. I also noticed when the problem first hit that there were a lot of "registry" changes made and I have NO idea what that did to my computer or how to fix the changes made, I really dont know anything about what the registry is. I would really appreciate some help interpretting my HJT log.

P.S. You will probably notice from the log however, that I have a ton of PC protection programs that I have installed while trying to fix this problem along with a few I already had, feel free to let me know if any of them are un-necessary.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:04:49 AM, on 9/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\bin32\nSvcAppFlt.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\bin32\nSvcIp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {F883C5A3-4B88-4CE3-AA80-F694D9E93E5F} - (no file)

O3 - Toolbar: gksraemq - {A91B590B-67E6-4CB4-8741-423AD91E8C1A} - C:\WINDOWS\gksraemq.dll (file missing)

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219379737372

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: boqxmt.dll,avgrsstx.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O24 - Desktop Component 0: Privacy Protection - (no file)

--

End of file - 6412 bytes

Edited September 7, 2008 by Hawk

[sarahw]

Hi,

Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.

You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.

Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.

These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat.

[sarahw]

1.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

• Open Spybot Search & Destroy.
  
• In the Mode menu click "Advanced mode" if not already selected.
  
• Choose "Yes" at the Warning prompt.
  
• Expand the "Tools" menu.
  
• Click "Resident".
  
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  
• In the File menu click "Exit" to exit Spybot Search & Destroy.
  

2.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
  
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.
  

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  
• Press any Key and it will restart the PC.
  
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
  

[Hybridhawk]

Okay I selected to show hidden files, I also disabled TeaTime. I am trying to restart the computer in safe mode but when I tap F8 it brings up a "Boot Menu" and it says "select a boot first device" and I have the options of "removable" "hard disk" and "cdrom" I dont think this is the advanced menu I need but I am not sure how to bring the menu up. I do not have a login screen because when I first got my computer I found and used a command (of which I dont know anymore) to automatically log me in to my master account. On boot up my computer screen is black, then I have a green ASUS screen, then it is a blue screen which shows me logging in, and then Im on my desktop.

[sarahw]

Ok, run it in normal mode.

[Hybridhawk]

It will not let me, It tells me I have to be in safe mode to run it. =/

[Hybridhawk]

Okay, I figured out how to get to that menu, I ran the program and saved the log, then ran another HjT log. I can see part of my desktop now but there is still a white box in the upper left hand corner that blocks out the desktop in that area, I can see and use the icons that are on top of it but I do not know how to remove the box or what it is. Here are the two new logs that I have:

SDFix: Version 1.222

Run by Hawk on Sun 09/07/2008 at 05:54 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 17:58:14

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe:*:Enabled:hl2"

"C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat source\\hl2.exe:*:Enabled:hl2"

"C:\\Documents and Settings\\Hawk\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe"="C:\\Documents and Settings\\Hawk\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe:*:Enabled:Norton Removal Tool"

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Sat 16 Aug 2008 60,416 A..H. --- "C:\Documents and Settings\Hawk\Desktop\Val's Employment\~WRL0005.tmp"

Fri 22 Aug 2008 16,151,113 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\28f9157a46d0b6f12275c9aae1093110\BIT1A0.tmp"

Finished!

Then the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:07:33 PM, on 9/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\bin32\nSvcAppFlt.exe

C:\Program Files\bin32\nSvcIp.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {F883C5A3-4B88-4CE3-AA80-F694D9E93E5F} - (no file)

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219379737372

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: boqxmt.dll,avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O24 - Desktop Component 1: Privacy Protection - (no file)

--

End of file - 5638 bytes

[sarahw]

Download GMER from here:

http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.

Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.

Click on Scan.

When the scan has run click Copy and paste the results (if any) into this thread.

[Hybridhawk]

There were no results, it came up clean.

[sarahw]

Can you post the results anyways, your computer surely isn't clean.

[Hybridhawk]

I ran it three more times and the last time I ran it this is what is showed:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-09-07 21:35:40

Windows 5.1.2600 Service Pack 3

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

I had also plugged in my MP3 player to a usb port to charge it, so I think that is what that is.

[sarahw]

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1

Link 2

Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[Hybridhawk]

Okay I ran that program and it put the icons I had lost when the viruses hit back on my desktop so I know it fixed something, however the big white block in the upper left of my desktop is still there. Here are the logs:

ComboFix 08-09-05.05 - Hawk 2008-09-07 22:50:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3023 [GMT -7:00]

Running from: C:\Documents and Settings\Hawk\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))

.

2008-09-07 19:40 . 2008-09-07 21:22 250 --a------ C:\WINDOWS\gmer.ini

2008-09-07 17:53 . 2008-09-07 17:53 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll

2008-09-07 17:52 . 2008-09-07 17:52 <DIR> d-------- C:\WINDOWS\ERUNT

2008-09-07 14:52 . 2008-09-07 17:59 <DIR> d-------- C:\SDFix

2008-09-07 03:24 . 2008-09-07 03:24 <DIR> d-------- C:\Program Files\Lavasoft

2008-09-07 00:58 . 2008-09-07 00:58 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-06 23:39 . 2008-09-06 23:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-06 23:39 . 2008-09-06 23:39 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\Malwarebytes

2008-09-06 23:39 . 2008-09-06 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-06 23:39 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-06 23:39 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-06 23:31 . 2008-09-06 23:31 <DIR> d-------- C:\Program Files\Trend Micro

2008-09-06 23:19 . 2008-09-06 23:19 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-06 23:19 . 2008-09-06 23:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-09-06 23:18 . 2008-09-06 23:18 <DIR> d-------- C:\Program Files\AVG

2008-09-06 23:18 . 2008-09-06 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-09-06 23:10 . 2008-09-06 23:20 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-09-06 20:10 . 2008-09-06 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller

2008-09-06 15:19 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

2008-09-06 15:09 . 2008-09-06 15:10 255 --a------ C:\WINDOWS\wininit.ini

2008-09-06 14:47 . 2008-09-05 11:47 553,472 --a------ C:\Documents and Settings\Hawk\IMSPTpb.exe

2008-09-06 14:47 . 2008-06-05 07:01 344,064 --a------ C:\Documents and Settings\Hawk\sqlite3.dll

2008-08-31 00:57 . 2008-08-31 01:41 <DIR> d-------- C:\Program Files\PublicTest

2008-08-31 00:34 . 2008-09-07 19:04 <DIR> d-------- C:\Program Files\Steam

2008-08-26 12:25 . 2008-08-26 12:25 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\Yahoo!

2008-08-26 12:23 . 2008-09-06 20:15 <DIR> d-------- C:\Program Files\Yahoo!

2008-08-26 12:23 . 2008-08-26 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!

2008-08-23 22:25 . 2008-08-23 22:25 <DIR> d-------- C:\Program Files\Hewlett-Packard

2008-08-23 22:25 . 2008-08-23 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP

2008-08-23 22:24 . 2005-05-10 20:49 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll

2008-08-23 22:23 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-08-23 22:23 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2008-08-23 22:23 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2008-08-23 22:23 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2008-08-23 22:23 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2008-08-23 22:23 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2008-08-23 22:23 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2008-08-23 22:22 . 2008-08-23 22:25 <DIR> d-------- C:\Program Files\HP

2008-08-23 22:21 . 2008-08-23 22:33 79,357 --a------ C:\WINDOWS\hpfins05.dat

2008-08-23 22:21 . 2005-07-15 15:15 1,350 --------- C:\WINDOWS\hpfmdl05.dat

2008-08-23 22:20 . 2008-08-23 22:20 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\HP

2008-08-23 22:20 . 2005-04-27 18:38 372,736 --a------ C:\WINDOWS\system32\hpzidi01.dll

2008-08-23 22:20 . 2005-04-27 18:37 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll

2008-08-23 22:18 . 2008-08-23 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

2008-08-22 18:37 . 2008-08-22 18:37 <DIR> d-------- C:\Program Files\QuickTime

2008-08-22 18:37 . 2008-08-22 18:37 <DIR> d-------- C:\Program Files\Apple Software Update

2008-08-22 18:37 . 2008-08-22 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-08-22 18:37 . 2008-08-22 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-08-22 01:55 . 2008-08-22 01:55 <DIR> dr-h----- C:\Documents and Settings\Hawk\Application Data\SecuROM

2008-08-22 01:55 . 2008-08-22 01:55 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-08-22 01:50 . 2008-09-07 19:02 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\Ventrilo

2008-08-22 01:47 . 2008-08-22 01:47 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-08-22 01:47 . 2008-08-22 01:47 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-08-22 01:47 . 2008-08-22 01:47 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-08-22 01:44 . 2008-08-22 01:44 <DIR> d-------- C:\Program Files\Realtek

2008-08-22 01:44 . 2008-05-07 00:39 16,862,208 -r------- C:\WINDOWS\RTHDCPL.exe

2008-08-22 01:44 . 2006-05-04 01:26 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe

2008-08-22 01:44 . 2007-06-28 01:44 2,165,760 -r------- C:\WINDOWS\MicCal.exe

2008-08-22 01:44 . 2008-03-05 03:07 520,192 -r------- C:\WINDOWS\RtlExUpd.dll

2008-08-22 01:44 . 2005-09-20 19:25 299,008 -ra------ C:\WINDOWS\system32\ALSndMgr.cpl

2008-08-22 01:44 . 2005-05-03 03:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe

2008-08-22 01:13 . 2008-09-07 03:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-22 01:13 . 2008-09-07 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-22 01:11 . 2008-08-22 01:15 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-08-22 01:07 . 2008-08-22 01:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-08-22 01:02 . 2008-08-22 01:02 <DIR> d-------- C:\Program Files\Ventrilo

2008-08-22 00:59 . 2008-08-22 00:59 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2008-08-22 00:59 . 2008-08-22 00:59 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-08-22 00:59 . 2008-08-22 00:59 22,328 --a------ C:\Documents and Settings\Hawk\Application Data\PnkBstrK.sys

2008-08-22 00:50 . 2008-09-07 03:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-08-22 00:28 . 2008-08-22 00:28 <DIR> d-------- C:\Program Files\uTorrent

2008-08-22 00:28 . 2008-09-06 23:02 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\uTorrent

2008-08-22 00:28 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-22 00:28 . 2008-08-22 00:28 376 --a------ C:\WINDOWS\ODBC.INI

2008-08-22 00:27 . 2008-08-22 00:27 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-08-22 00:27 . 2008-08-22 00:27 <DIR> d-------- C:\Program Files\Microsoft ActiveSync

2008-08-22 00:24 . 2008-08-22 00:24 <DIR> dr-h----- C:\MSOCache

2008-08-22 00:24 . 2008-09-07 04:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-08-22 00:24 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX

2008-08-21 23:32 . 2008-08-21 23:32 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR

2008-08-21 23:31 . 2008-08-21 23:31 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-08-21 23:00 . 2008-08-21 23:20 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\U3

2008-08-21 23:00 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-08-21 22:49 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-08-21 22:46 . 2008-05-01 07:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-21 22:45 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-21 22:44 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-21 22:44 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-08-21 22:37 . 2008-08-21 22:37 <DIR> d-------- C:\WINDOWS\system32\scripting

2008-08-21 22:37 . 2008-08-21 22:37 <DIR> d-------- C:\WINDOWS\system32\en

2008-08-21 22:37 . 2008-08-21 22:37 <DIR> d-------- C:\WINDOWS\l2schemas

2008-08-21 22:29 . 2008-04-13 17:11 136,192 --a------ C:\WINDOWS\system32\aaclient.dll

2008-08-21 22:29 . 2008-04-13 10:23 8,192 -----c--- C:\WINDOWS\system32\dllcache\asferror.dll

2008-08-21 22:22 . 2008-08-21 22:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-08-21 22:11 . 2008-08-21 22:11 <DIR> d-------- C:\WINDOWS\provisioning

2008-08-21 22:11 . 2008-08-21 22:37 <DIR> d-------- C:\WINDOWS\peernet

2008-08-21 22:11 . 2008-08-21 22:42 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-08-21 22:10 . 2008-08-21 22:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-21 22:07 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-21 22:06 . 2008-08-21 22:31 <DIR> d-------- C:\WINDOWS\EHome

2008-08-21 21:48 . 2008-04-14 05:42 11,264 --a------ C:\WINDOWS\system32\spnpinst.exe

2008-08-21 21:48 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig

2008-08-21 21:48 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat

2008-08-21 21:43 . 2008-09-07 18:06 181,718 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-21 21:43 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-21 21:40 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-21 21:37 . 2008-08-21 22:37 <DIR> d-------- C:\WINDOWS\system32\bits

2008-08-21 21:37 . 2008-04-13 10:39 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll

2008-08-21 21:37 . 2008-04-13 17:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll

2008-08-21 21:37 . 2008-04-13 17:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2008-08-21 21:37 . 2008-04-13 17:11 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll

2008-08-21 21:37 . 2008-04-13 17:11 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll

2008-08-21 21:36 . 2008-07-18 22:09 563,912 --a------ C:\WINDOWS\system32\wuapi.dll

2008-08-21 21:36 . 2008-07-18 22:09 563,912 --a--c--- C:\WINDOWS\system32\dllcache\wuapi.dll

2008-08-21 21:36 . 2008-07-18 22:09 325,832 --a------ C:\WINDOWS\system32\wucltui.dll

2008-08-21 21:36 . 2008-07-18 22:09 215,752 --a------ C:\WINDOWS\system32\wuaucpl.cpl

2008-08-21 21:36 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-21 21:36 . 2008-07-18 22:10 36,552 --a------ C:\WINDOWS\system32\wups.dll

2008-08-21 21:36 . 2008-07-18 22:10 36,552 --a--c--- C:\WINDOWS\system32\dllcache\wups.dll

2008-08-21 21:36 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-21 21:36 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-21 21:36 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-21 21:35 . 2008-08-21 21:35 <DIR> d---s---- C:\Documents and Settings\Hawk\UserData

2008-08-21 21:22 . 2008-08-21 21:22 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-08-21 21:22 . 2008-08-21 21:22 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-26 05:12 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-22 07:58 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe

2008-08-22 07:58 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-08-22 07:58 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-08-22 04:17 0 ----a-w C:\Program Files\FirstPacketPrograms.txt

2008-08-22 03:48 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-22 03:48 --------- d-----w C:\Program Files\ANI

2008-08-22 03:47 --------- d-----w C:\Program Files\D-Link

2008-08-22 03:47 --------- d-----w C:\Documents and Settings\Hawk\Application Data\InstallShield

2008-08-22 03:40 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-08-22 03:37 --------- d-----w C:\Program Files\profile

2008-08-22 03:37 --------- d-----w C:\Program Files\log

2008-08-22 03:37 --------- d-----w C:\Program Files\bin32

2008-08-22 03:30 --------- d-----w C:\Program Files\microsoft frontpage

2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"D-Link D-Link RangeBooster N DWA-140"="C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 1671168]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]

"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=boqxmt.dll,avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"=

"C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat source\\hl2.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-06 97928]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 517632]

*Newly Created Service* - GMER

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

BHO-{F883C5A3-4B88-4CE3-AA80-F694D9E93E5F} - (no file)

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\bok15fqv.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.dogpile.com

FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 22:51:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-07 22:52:04

ComboFix-quarantined-files.txt 2008-09-08 05:52:02

Pre-Run: 90,584,371,200 bytes free

Post-Run: 90,623,823,872 bytes free

222

________________________________________________________________________________

___________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:53:30 PM, on 9/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\bin32\nSvcAppFlt.exe

C:\Program Files\bin32\nSvcIp.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219379737372

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: boqxmt.dll,avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O24 - Desktop Component 1: Privacy Protection - (no file)

--

End of file - 5518 bytes

[Hybridhawk]

And I am not sure what recovery console is...

[sarahw]

We can install the recovery console now.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

[Hybridhawk]

Okay, done and here it is:

ComboFix 08-09-05.09 - Hawk 2008-09-08 16:54:41.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006 [GMT -7:00]

Running from: C:\Documents and Settings\Hawk\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Hawk\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))

.

2008-09-07 19:40 . 2008-09-07 21:22 250 --a------ C:\WINDOWS\gmer.ini

2008-09-07 17:53 . 2008-09-07 17:53 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll

2008-09-07 17:52 . 2008-09-07 17:52 <DIR> d-------- C:\WINDOWS\ERUNT

2008-09-07 14:52 . 2008-09-07 17:59 <DIR> d-------- C:\SDFix

2008-09-07 03:24 . 2008-09-07 03:24 <DIR> d-------- C:\Program Files\Lavasoft

2008-09-07 00:58 . 2008-09-07 00:58 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-06 23:39 . 2008-09-06 23:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-06 23:39 . 2008-09-06 23:39 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\Malwarebytes

2008-09-06 23:39 . 2008-09-06 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-06 23:39 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-06 23:39 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-06 23:31 . 2008-09-06 23:31 <DIR> d-------- C:\Program Files\Trend Micro

2008-09-06 23:19 . 2008-09-06 23:19 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-06 23:19 . 2008-09-06 23:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-09-06 23:18 . 2008-09-06 23:18 <DIR> d-------- C:\Program Files\AVG

2008-09-06 23:18 . 2008-09-06 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-09-06 23:10 . 2008-09-06 23:20 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-09-06 20:10 . 2008-09-06 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller

2008-09-06 15:19 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

2008-09-06 15:09 . 2008-09-06 15:10 255 --a------ C:\WINDOWS\wininit.ini

2008-09-06 14:47 . 2008-09-05 11:47 553,472 --a------ C:\Documents and Settings\Hawk\IMSPTpb.exe

2008-09-06 14:47 . 2008-06-05 07:01 344,064 --a------ C:\Documents and Settings\Hawk\sqlite3.dll

2008-08-31 00:57 . 2008-08-31 01:41 <DIR> d-------- C:\Program Files\PublicTest

2008-08-31 00:34 . 2008-09-07 19:04 <DIR> d-------- C:\Program Files\Steam

2008-08-26 12:25 . 2008-08-26 12:25 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\Yahoo!

2008-08-26 12:23 . 2008-09-06 20:15 <DIR> d-------- C:\Program Files\Yahoo!

2008-08-26 12:23 . 2008-08-26 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!

2008-08-23 22:25 . 2008-08-23 22:25 <DIR> d-------- C:\Program Files\Hewlett-Packard

2008-08-23 22:25 . 2008-08-23 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP

2008-08-23 22:24 . 2005-05-10 20:49 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll

2008-08-23 22:23 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-08-23 22:23 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2008-08-23 22:23 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2008-08-23 22:23 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2008-08-23 22:23 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2008-08-23 22:23 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2008-08-23 22:23 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2008-08-23 22:22 . 2008-08-23 22:25 <DIR> d-------- C:\Program Files\HP

2008-08-23 22:21 . 2008-08-23 22:33 79,357 --a------ C:\WINDOWS\hpfins05.dat

2008-08-23 22:21 . 2005-07-15 15:15 1,350 --------- C:\WINDOWS\hpfmdl05.dat

2008-08-23 22:20 . 2008-08-23 22:20 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\HP

2008-08-23 22:20 . 2005-04-27 18:38 372,736 --a------ C:\WINDOWS\system32\hpzidi01.dll

2008-08-23 22:20 . 2005-04-27 18:37 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll

2008-08-23 22:18 . 2008-08-23 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

2008-08-22 18:37 . 2008-08-22 18:37 <DIR> d-------- C:\Program Files\QuickTime

2008-08-22 18:37 . 2008-08-22 18:37 <DIR> d-------- C:\Program Files\Apple Software Update

2008-08-22 18:37 . 2008-08-22 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-08-22 18:37 . 2008-08-22 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-08-22 01:55 . 2008-08-22 01:55 <DIR> dr-h----- C:\Documents and Settings\Hawk\Application Data\SecuROM

2008-08-22 01:55 . 2008-08-22 01:55 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-08-22 01:50 . 2008-09-07 19:02 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\Ventrilo

2008-08-22 01:47 . 2008-08-22 01:47 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-08-22 01:47 . 2008-08-22 01:47 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-08-22 01:47 . 2008-08-22 01:47 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-08-22 01:44 . 2008-08-22 01:44 <DIR> d-------- C:\Program Files\Realtek

2008-08-22 01:44 . 2008-05-07 00:39 16,862,208 -r------- C:\WINDOWS\RTHDCPL.exe

2008-08-22 01:44 . 2006-05-04 01:26 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe

2008-08-22 01:44 . 2007-06-28 01:44 2,165,760 -r------- C:\WINDOWS\MicCal.exe

2008-08-22 01:44 . 2008-03-05 03:07 520,192 -r------- C:\WINDOWS\RtlExUpd.dll

2008-08-22 01:44 . 2005-09-20 19:25 299,008 -ra------ C:\WINDOWS\system32\ALSndMgr.cpl

2008-08-22 01:44 . 2005-05-03 03:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe

2008-08-22 01:13 . 2008-09-07 03:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-22 01:13 . 2008-09-07 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-22 01:11 . 2008-08-22 01:15 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-08-22 01:07 . 2008-08-22 01:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-08-22 01:02 . 2008-08-22 01:02 <DIR> d-------- C:\Program Files\Ventrilo

2008-08-22 00:59 . 2008-08-22 00:59 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2008-08-22 00:59 . 2008-08-22 00:59 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-08-22 00:59 . 2008-08-22 00:59 22,328 --a------ C:\Documents and Settings\Hawk\Application Data\PnkBstrK.sys

2008-08-22 00:50 . 2008-09-07 03:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-08-22 00:28 . 2008-08-22 00:28 <DIR> d-------- C:\Program Files\uTorrent

2008-08-22 00:28 . 2008-09-06 23:02 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\uTorrent

2008-08-22 00:28 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-22 00:28 . 2008-08-22 00:28 376 --a------ C:\WINDOWS\ODBC.INI

2008-08-22 00:27 . 2008-08-22 00:27 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-08-22 00:27 . 2008-08-22 00:27 <DIR> d-------- C:\Program Files\Microsoft ActiveSync

2008-08-22 00:24 . 2008-08-22 00:24 <DIR> dr-h----- C:\MSOCache

2008-08-22 00:24 . 2008-09-07 04:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-08-22 00:24 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX

2008-08-21 23:32 . 2008-08-21 23:32 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR

2008-08-21 23:31 . 2008-08-21 23:31 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-08-21 23:00 . 2008-08-21 23:20 <DIR> d-------- C:\Documents and Settings\Hawk\Application Data\U3

2008-08-21 23:00 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-08-21 22:49 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-08-21 22:46 . 2008-05-01 07:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-21 22:45 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-21 22:44 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-21 22:44 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-08-21 22:37 . 2008-08-21 22:37 <DIR> d-------- C:\WINDOWS\system32\scripting

2008-08-21 22:37 . 2008-08-21 22:37 <DIR> d-------- C:\WINDOWS\system32\en

2008-08-21 22:37 . 2008-08-21 22:37 <DIR> d-------- C:\WINDOWS\l2schemas

2008-08-21 22:29 . 2008-04-13 17:11 136,192 --a------ C:\WINDOWS\system32\aaclient.dll

2008-08-21 22:29 . 2008-04-13 10:23 8,192 -----c--- C:\WINDOWS\system32\dllcache\asferror.dll

2008-08-21 22:22 . 2008-08-21 22:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-08-21 22:11 . 2008-08-21 22:11 <DIR> d-------- C:\WINDOWS\provisioning

2008-08-21 22:11 . 2008-08-21 22:37 <DIR> d-------- C:\WINDOWS\peernet

2008-08-21 22:11 . 2008-08-21 22:42 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-08-21 22:10 . 2008-08-21 22:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-21 22:07 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-21 22:06 . 2008-08-21 22:31 <DIR> d-------- C:\WINDOWS\EHome

2008-08-21 21:48 . 2008-04-14 05:42 11,264 --a------ C:\WINDOWS\system32\spnpinst.exe

2008-08-21 21:48 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig

2008-08-21 21:48 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat

2008-08-21 21:43 . 2008-09-08 16:46 181,718 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-21 21:43 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-21 21:40 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-21 21:37 . 2008-08-21 22:37 <DIR> d-------- C:\WINDOWS\system32\bits

2008-08-21 21:37 . 2008-04-13 10:39 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll

2008-08-21 21:37 . 2008-04-13 17:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll

2008-08-21 21:37 . 2008-04-13 17:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2008-08-21 21:37 . 2008-04-13 17:11 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll

2008-08-21 21:37 . 2008-04-13 17:11 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll

2008-08-21 21:36 . 2008-07-18 22:09 563,912 --a------ C:\WINDOWS\system32\wuapi.dll

2008-08-21 21:36 . 2008-07-18 22:09 563,912 --a--c--- C:\WINDOWS\system32\dllcache\wuapi.dll

2008-08-21 21:36 . 2008-07-18 22:09 325,832 --a------ C:\WINDOWS\system32\wucltui.dll

2008-08-21 21:36 . 2008-07-18 22:09 215,752 --a------ C:\WINDOWS\system32\wuaucpl.cpl

2008-08-21 21:36 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-21 21:36 . 2008-07-18 22:10 36,552 --a------ C:\WINDOWS\system32\wups.dll

2008-08-21 21:36 . 2008-07-18 22:10 36,552 --a--c--- C:\WINDOWS\system32\dllcache\wups.dll

2008-08-21 21:36 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-21 21:36 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-21 21:36 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-21 21:35 . 2008-08-21 21:35 <DIR> d---s---- C:\Documents and Settings\Hawk\UserData

2008-08-21 21:22 . 2008-08-21 21:22 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-08-21 21:22 . 2008-08-21 21:22 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-26 05:12 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-22 07:58 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe

2008-08-22 07:58 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-08-22 07:58 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-08-22 04:17 0 ----a-w C:\Program Files\FirstPacketPrograms.txt

2008-08-22 03:48 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-22 03:48 --------- d-----w C:\Program Files\ANI

2008-08-22 03:47 --------- d-----w C:\Program Files\D-Link

2008-08-22 03:47 --------- d-----w C:\Documents and Settings\Hawk\Application Data\InstallShield

2008-08-22 03:40 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-08-22 03:37 --------- d-----w C:\Program Files\profile

2008-08-22 03:37 --------- d-----w C:\Program Files\log

2008-08-22 03:37 --------- d-----w C:\Program Files\bin32

2008-08-22 03:30 --------- d-----w C:\Program Files\microsoft frontpage

2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

.

((((((((((((((((((((((((((((( snapshot@2008-09-07_22.51.52.56 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-08-22 07:59:50 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2008-09-08 14:10:53 8,192 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2008-08-22 07:59:49 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll

+ 2008-09-08 14:10:54 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll

- 2008-08-22 07:59:46 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2008-09-08 14:11:01 720,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2008-08-22 07:59:46 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2008-09-08 14:10:55 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2008-08-22 07:59:50 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll

+ 2008-09-08 14:10:59 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll

- 2008-08-22 07:59:51 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2008-09-08 14:10:57 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2008-08-22 07:59:49 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll

+ 2008-09-08 14:10:59 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll

- 2008-08-22 07:59:49 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll

+ 2008-09-08 14:10:54 1,703,936 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll

- 2008-08-22 07:59:49 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2008-09-08 14:11:01 90,112 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2008-08-22 07:59:49 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2008-09-08 14:10:57 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2008-08-22 07:59:49 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2008-09-08 14:10:55 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2008-08-22 07:59:49 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll

+ 2008-09-08 14:10:55 66,560 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll

- 2008-08-22 07:59:49 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll

+ 2008-09-08 14:10:59 372,736 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll

- 2008-08-22 07:59:49 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2008-09-08 14:11:01 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2008-08-22 07:59:49 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2008-09-08 14:10:58 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2008-08-22 07:59:49 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2008-09-08 14:10:56 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2008-08-22 07:59:50 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2008-09-08 14:10:57 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

- 2008-08-22 07:59:50 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2008-09-08 14:11:00 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2008-08-22 07:59:50 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2008-09-08 14:10:53 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2008-08-22 07:59:50 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2008-09-08 14:10:55 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2008-08-22 07:59:50 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2008-09-08 14:10:54 573,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2008-08-22 07:59:50 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2008-09-08 14:11:00 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

- 2008-08-22 07:59:50 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2008-09-08 14:10:56 2,052,096 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll

- 2008-08-22 07:59:50 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll

+ 2008-09-08 14:10:58 1,339,392 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll

- 2008-08-22 07:59:49 1,216,512 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2008-09-08 14:11:02 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

- 2008-08-24 05:16:55 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2008-09-08 14:12:46 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2008-08-24 05:17:00 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2008-09-08 14:12:55 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2008-08-24 05:17:00 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2008-09-08 14:12:55 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2008-08-24 05:17:00 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2008-09-08 14:12:56 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2008-08-24 05:16:58 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2008-09-08 14:12:53 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2008-08-24 05:16:53 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2008-09-08 14:12:41 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2008-08-24 05:16:53 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2008-09-08 14:12:41 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2008-08-24 05:17:02 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2008-09-08 14:13:01 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2008-08-24 05:16:57 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2008-09-08 14:12:48 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2008-08-24 05:16:54 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2008-09-08 14:12:45 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2008-08-24 05:16:52 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2008-09-08 14:12:40 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2008-08-24 05:16:53 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2008-09-08 14:12:43 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2008-08-24 05:16:59 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2008-09-08 14:12:54 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2008-08-24 05:16:59 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2008-09-08 14:12:54 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2008-08-24 05:16:59 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2008-09-08 14:12:54 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2008-08-24 05:16:54 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2008-09-08 14:12:44 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2008-08-24 05:16:54 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2008-09-08 14:12:44 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2008-08-24 05:16:54 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2008-09-08 14:12:44 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2008-08-24 05:16:54 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2008-09-08 14:12:45 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2008-08-24 05:16:54 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2008-09-08 14:12:43 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2008-08-24 05:17:03 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2008-09-08 14:13:02 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2008-08-24 05:17:03 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2008-09-08 14:13:02 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2008-08-24 05:16:52 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2008-09-08 14:12:39 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2008-08-24 05:17:03 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2008-09-08 14:13:01 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2008-08-24 05:17:03 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2008-09-08 14:13:02 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2008-08-24 05:16:52 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-09-08 14:12:40 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2008-08-24 05:16:52 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2008-09-08 14:12:39 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2008-08-24 05:16:52 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2008-09-08 14:12:39 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2008-08-24 05:17:01 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2008-09-08 14:12:58 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2008-08-24 05:16:55 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2008-09-08 14:12:46 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2008-08-24 05:17:01 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2008-09-08 14:12:59 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2008-08-24 05:17:00 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2008-09-08 14:12:57 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2008-08-24 05:16:53 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2008-09-08 14:12:42 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2008-08-24 05:16:59 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2008-09-08 14:12:53 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2008-08-24 05:16:56 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2008-09-08 14:12:47 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2008-08-24 05:16:56 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2008-09-08 14:12:47 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2008-08-24 05:16:56 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2008-09-08 14:12:47 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2008-08-24 05:17:02 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2008-09-08 14:13:00 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2008-08-24 05:17:01 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2008-09-08 14:12:57 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2008-08-24 05:17:02 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2008-09-08 14:13:00 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2008-08-24 05:17:01 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2008-09-08 14:12:57 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2008-08-24 05:17:01 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2008-09-08 14:12:58 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2008-08-24 05:16:55 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2008-09-08 14:12:46 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2008-08-24 05:16:56 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2008-09-08 14:12:48 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2008-08-24 05:17:02 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2008-09-08 14:13:01 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2008-08-24 05:16:57 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2008-09-08 14:12:49 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2008-08-24 05:16:57 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2008-09-08 14:12:50 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2008-08-24 05:16:57 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2008-09-08 14:12:50 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2008-08-24 05:16:58 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2008-09-08 14:12:51 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2008-08-24 05:17:02 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2008-09-08 14:12:59 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2008-09-08 23:42:36 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3d2a91a6c545200f624700ac2ae86375\mscorlib.ni.dll

+ 2008-09-08 23:42:53 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\280871d92ac03759dcfd7078f76887d6\System.Data.ni.dll

+ 2008-09-08 23:43:04 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\a60b40f4a220b217c807966d3a2a4592\System.Design.ni.dll

+ 2008-09-08 23:43:07 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\02160e0e625f78d5830d9b563e100331\System.Drawing.Design.ni.dll

+ 2008-09-08 23:43:07 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\ccb5d6542f8954915f9964b17b46bd7c\System.Drawing.ni.dll

+ 2008-09-08 23:43:17 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6afdd8862913a1788c068c5e8d59f4e8\System.Windows.Forms.ni.dll

+ 2008-09-08 23:43:21 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\e4fc736d0feeee9e0c9a0bea73237236\System.Xml.ni.dll

+ 2008-09-08 23:42:46 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\55f79c8f77fdcc590f75307fe36f0c5c\System.ni.dll

+ 2008-09-08 14:11:08 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_f8d69ebe\CustomMarshalers.dll

+ 2008-09-08 14:11:26 3,379,200 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_149f4741\mscorlib.dll

+ 2008-09-08 14:11:23 1,466,368 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_af37e872\System.Design.dll

+ 2008-09-08 14:11:09 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_729e288e\System.Drawing.Design.dll

+ 2008-09-08 14:11:24 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4e51428a\System.Drawing.dll

+ 2008-09-08 14:11:14 3,014,656 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a9f29803\System.Windows.Forms.dll

+ 2008-09-08 14:11:19 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_6e04a4a8\System.Xml.dll

+ 2008-09-08 14:11:08 1,953,792 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2393389d\System.dll

- 2003-02-21 02:19:32 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2004-07-15 08:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

- 2003-02-21 02:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe

+ 2004-07-15 08:49:18 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe

- 2003-02-21 02:19:38 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

+ 2004-07-15 08:49:26 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

- 2003-02-21 02:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2004-07-15 08:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2003-02-21 02:09:08 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2004-07-15 07:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2003-02-21 17:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe

+ 2004-07-15 18:23:28 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe

- 2003-02-21 17:21:00 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll

+ 2004-07-15 18:23:44 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll

- 2003-02-21 02:06:20 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll

+ 2004-07-15 07:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll

+ 2003-10-08 21:30:14 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe

- 2003-02-21 14:24:38 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll

+ 2004-07-15 21:31:00 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll

- 2003-02-21 14:24:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll

+ 2004-07-15 21:31:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll

- 2003-02-21 02:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe

+ 2004-07-15 07:35:30 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe

- 2003-02-21 14:26:36 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll

+ 2004-07-15 21:28:58 720,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll

- 2003-02-21 14:26:38 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll

+ 2004-07-15 21:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll

- 2003-02-21 14:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe

+ 2004-07-15 21:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe

- 2003-02-21 14:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe

+ 2004-07-15 21:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe

- 2003-02-21 02:09:12 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll

+ 2004-07-15 07:32:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll

- 2003-02-21 02:09:12 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll

+ 2004-07-15 07:32:46 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll

- 2003-02-21 02:06:32 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2004-07-15 07:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2003-02-21 02:09:16 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2004-07-15 07:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2003-02-21 14:26:34 2,088,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2004-07-15 21:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

- 2003-02-21 02:09:18 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll

+ 2004-07-15 07:33:22 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll

- 2003-02-21 02:09:18 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll

+ 2004-07-15 07:33:24 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll

- 2003-02-21 02:07:34 2,494,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2004-07-15 07:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

- 2003-02-21 02:08:32 2,482,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2004-07-15 07:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2004-08-10 23:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

- 2003-02-21 02:09:30 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll

+ 2004-07-15 07:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll

- 2003-02-21 14:26:46 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll

+ 2004-07-15 21:28:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll

- 2003-02-21 02:09:34 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll

+ 2004-07-15 07:35:04 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll

- 2003-02-21 14:26:38 1,290,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll

+ 2004-07-15 21:32:00 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll

- 2003-02-21 14:25:42 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll

+ 2004-07-15 21:31:14 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll

- 2003-02-21 14:26:42 1,699,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll

+ 2004-07-15 21:29:02 1,703,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll

- 2003-02-21 14:26:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll

+ 2004-07-15 21:28:54 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll

- 2003-02-21 14:26:46 1,216,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2004-07-15 21:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2003-02-21 14:26:50 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll

+ 2004-07-15 21:28:58 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll

- 2003-02-21 14:26:50 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll

+ 2004-07-15 21:28:56 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll

- 2003-02-21 02:09:36 64,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll

+ 2004-07-15 07:35:12 66,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll

- 2003-02-21 14:26:52 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll

+ 2004-07-15 21:31:58 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll

- 2003-02-21 14:26:54 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll

+ 2004-07-15 21:31:12 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll

- 2003-02-21 14:26:56 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll

+ 2004-07-15 21:28:58 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll

- 2003-02-21 14:26:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll

+ 2004-07-15 21:31:54 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll

- 2003-02-21 14:26:58 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

+ 2004-07-15 21:28:52 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

- 2003-02-21 14:27:00 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll

+ 2004-07-15 21:28:54 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll

- 2003-02-21 14:27:02 1,245,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2004-07-15 21:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

- 2003-02-21 14:27:06 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll

+ 2004-07-15 21:28:58 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll

- 2003-02-21 14:24:18 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll

+ 2004-07-15 21:28:52 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll

- 2003-02-21 14:27:06 569,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll

+ 2004-07-15 21:31:16 573,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll

- 2003-02-21 14:27:08 2,039,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll

+ 2004-07-15 21:32:02 2,052,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll

- 2003-02-21 14:27:10 1,335,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll

+ 2004-07-15 21:29:00 1,339,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll

+ 2004-06-22 20:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe

- 2003-02-21 17:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe

+ 2004-07-15 18:23:20 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe

- 2003-02-21 12:04:18 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll

+ 2004-07-15 15:15:14 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll

- 2003-02-21 03:10:40 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll

+ 2004-07-15 09:11:56 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll

- 2005-09-23 14:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2007-04-13 10:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

- 2005-09-23 14:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2007-04-13 10:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

- 2005-09-23 14:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2007-04-13 10:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

- 2005-09-23 14:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2007-04-13 10:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

- 2005-09-23 14:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2007-04-13 10:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

- 2005-09-23 14:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2007-04-13 10:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

- 2005-09-23 14:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2007-04-13 10:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

- 2005-09-23 14:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2007-04-13 10:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

- 2005-09-23 14:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

+ 2007-04-13 10:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

- 2005-09-23 14:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2007-04-13 10:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

- 2005-09-23 14:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2007-04-13 10:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

- 2005-09-23 14:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2007-04-13 10:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

- 2005-09-23 14:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

+ 2007-04-13 10:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

- 2005-09-23 14:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2007-04-13 10:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

- 2005-09-23 14:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

+ 2007-04-13 10:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

- 2005-09-23 14:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

+ 2007-04-13 10:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

- 2005-09-23 14:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

+ 2007-04-13 10:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

- 2005-09-23 14:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

+ 2007-04-13 10:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

- 2005-09-23 14:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2007-04-13 10:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2005-09-23 14:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2007-04-13 10:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

- 2005-09-23 14:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2007-04-13 10:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

- 2005-09-23 14:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2007-04-13 10:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

- 2005-09-23 14:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

+ 2007-04-13 10:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

- 2005-09-23 14:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

+ 2007-04-13 10:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

- 2005-09-23 14:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2007-04-13 10:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

- 2005-09-23 14:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2007-04-13 10:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2005-09-23 14:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe

+ 2007-04-13 10:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe

- 2005-09-23 14:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2007-04-13 10:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll

- 2005-09-23 14:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll

+ 2007-04-13 10:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll

- 2005-09-23 14:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2007-04-13 10:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2005-09-23 14:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

+ 2007-04-13 10:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

- 2005-09-23 14:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

+ 2007-04-13 10:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

- 2005-09-23 14:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

+ 2007-04-13 10:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

- 2005-09-23 14:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2007-04-13 10:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

- 2005-09-23 14:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

+ 2007-04-13 10:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

- 2005-09-23 14:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

+ 2007-04-13 10:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

- 2005-09-23 14:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

+ 2007-04-13 10:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

- 2005-09-23 14:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2007-04-13 10:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

- 2005-09-23 14:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2007-04-13 10:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll

- 2005-09-23 14:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2007-04-13 10:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

- 2005-09-23 14:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2007-04-13 10:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

- 2005-09-23 14:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

+ 2007-04-13 10:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

- 2005-09-23 14:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

+ 2007-04-13 10:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

- 2005-09-23 14:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

+ 2007-04-13 10:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

- 2005-09-23 14:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

+ 2007-04-13 10:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

- 2005-09-23 14:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

+ 2007-04-13 10:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

- 2005-09-23 14:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2007-04-13 10:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

- 2005-09-23 14:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2007-04-13 10:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

- 2005-09-23 14:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2007-04-13 10:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

- 2005-09-23 14:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe

+ 2007-04-13 10:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe

- 2005-09-23 14:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

+ 2007-04-13 10:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

- 2005-09-23 14:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2007-04-13 10:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll

- 2005-09-23 14:28:52 270,848 ----a-w C:\WINDOWS\system32\mscoree.dll

+ 2007-04-13 10:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll

- 2008-09-08 01:11:00 63,188 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-09-08 23:50:21 63,188 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-09-08 01:11:00 403,968 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-09-08 23:50:21 403,968 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll

- 2008-08-24 05:16:53 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2008-09-08 14:12:41 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2008-08-24 05:16:53 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2008-09-08 14:12:41 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"D-Link D-Link RangeBooster N DWA-140"="C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 1671168]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]

"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=boqxmt.dll,avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"=

"C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat source\\hl2.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-06 97928]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 517632]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\bok15fqv.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.dogpile.com

FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-08 16:55:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-08 16:56:03

ComboFix-quarantined-files.txt 2008-09-08 23:56:01

ComboFix2.txt 2008-09-08 05:52:05

Pre-Run: 90,543,878,144 bytes free

Post-Run: 90,512,576,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /noguiboot

616 --- E O F --- 2008-09-08 14:13:21

[sarahw]

Looks good.

Click HERE and run an online scan with Kaspersky WebScanner

• Click on Kaspersky Online Scanner
  
• You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
    
  • Once the files have been downloaded click on NEXT
    
  • Now click on Scan Settings
    
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
      
    • Scan Options:
      Scan Archives
      Scan Mail Bases
      

  [*]Click OK

  [*]Now under select a target to scan:

  • Select My Computer
    

  [*]This will program will start and scan your system.

  [*]The scan will take a while so be patient and let it run.

  [*]Once the scan is complete it will display if your system has been infected.

  • Now click on the Save as Text button:
    

  [*]Save the file to your desktop.

  [*]Copy and paste that information into your next post.

[Hybridhawk]

I ran the scan and this is what I got back:

Thursday, September 11, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, September 11, 2008 07:07:17

Records in database: 1211231

Scan settings

Scan using the following database extended

Scan archives yes

Scan mail databases yes

Scan area My Computer

A:\

C:\

D:\

E:\

Scan statistics

Files scanned 36649

Threat name 0

Infected objects 0

Suspicious objects 0

Duration of the scan 00:36:34

No malware has been detected. The scan area is clean.

The selected area was scanned.

I am beginning to think that my computer is very clean, I just have some registry/settings problems left over from when the viruses hit. Is there a way to restore that stuff to default without re-formatting?

[sarahw]

Hi,

I am beginning to think that my computer is very clean, I just have some registry/settings problems left over from when the viruses hit. Is there a way to restore that stuff to default without re-formatting?

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).

Click Scan.

When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad.

Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.

Click the Logs tab.

Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply post the Malwarebytes' Anti-Malware log.

[Hybridhawk]

This is what I came up with:

Malwarebytes' Anti-Malware 1.28

Database version: 1141

Windows 5.1.2600 Service Pack 3

9/11/2008 10:57:58 AM

mbam-log-2008-09-11 (10-57-58).txt

Scan type: Full Scan (A:\|C:\|D:\|)

Objects scanned: 85552

Time elapsed: 26 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[sarahw]

Hi,

It doesn't look like there is anything wrong with the registry. I wouldn't change anything in the reigstry as its likely to leave your computer in a bad state.

1.

Time for some housekeeping

• Click START then RUN
  
• Now type Combofix /u in the runbox and click OK
  
  • 
    

The above procedure will:

• Delete the following:
  • ComboFix and its associated files and folders.
    
  • VundoFix backups, if present
    
  • The C:\Deckard folder, if present
    
  • The C:_OtMoveIt folder, if present
    

  [*] Reset the clock settings.

  [*] Hide file extensions, if required.

  [*] Hide System/Hidden files, if required.

  [*] Reset System Restore.

2.

Please download OTCleanIt from HERE to your desktop.

Double click to run it. It will clean up the assortment of tools used during malware removal. When it has finnished, it will ask you to reboot so it can remove itself.

You can now Rehide your system files by using the reversal of these instructions HERE

Congratulations, your log is now clean.

A well protected computer should have at least an Anti Virus and Firewall, an Anti Spyware is also great addition to your computers security. Here is a list of tools I like to recommend to people that will help ensure safe surfing on the internet, and to help you from getting infected again.

Note: DO NOT install more than one antivirus or Firewall program. They will conflict, and provide less protection, not more. Uninstall any existing Anti Virus\Firewall programs if you're going to install a new one.

Free Online Scans:

Free Active X and Java based online scans. You can use these scans from other companies and it will not interfere with your current Anti Virus. If you find that you are infected, post a Hijack This log in the forums.

• Kapersky online scan
  
• Panda Online Scan
  
• F-Secure Online Scan
  
• TrendMicro HouseCall online scan
  
• Bit Defender online scan
  

Free Temp Cleaners:

Use these tools to clean temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. ATF cleaner recommended.

• CCleaner
  
• ATF Cleaner
  

Free Firewall Downloads:

You must have a Firewall installed on your computer. This helps stop anything from leaving or entering your computer without your permission.

• ZoneAlarm
  
• Kerio Firewall
  

Free Anti Spyware Downloads:

An Antispyware is a great tool that can help remove infections along side your Anti Virus. Some include real time protection, scheduled scans and automatic definition updates.

• AVG Antispyware
  
• A-Squared Antispyware
  
• SpywareGuard
  
• SpywareBlaster
  
• SpywareTerminator
  
• Spybot Search & Destroy
  
• Ad Aware
  

Free Anti Virus Downloads:

A must have for all computers. Avast! recommended.

• SpywareTerminator With ClamAV Enabled.
  
• AntiVir
  
• Avast!
  
• Grisoft AVG
  
• Bit Defender Free
  
• a² Free
  
• Comodo BOClean
  
• SuperAntiSpyware
  

Other Free Tools:

• SpywareGuard
  Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  
• IE-SpyAd
  This tool puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  
• Memtest86
  Great memory testing software.
  
• CPU-Z
  This application gives detailed information about your system in a nice layout
  
• Speedfan
  Returns and monitors system temperatures.
  
• Windows Updates
  It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  

Useful Reading:

Slow Computer? HERE are some tips to speed it up.

Where do infections come from? How did I get an infection? Click HERE for some tips on preventing future infections.

If you have any other problems or questions be sure to ask.

[Hybridhawk]

Well I got it cleaned up, thanks for all the help, I couldn't have fixed this thing without you guys. I wish I could figure out what this thing on my desktop is but my computer is clean of all viruses/malware/trojans and that is what is really important. Thanks a ton!

[sarahw]

Do you mean the white box in the corner? Can you right click the desktop, select properties, click the desktop tab, then change the desktop picture and color. click apply then ok. Did that help?

[Hybridhawk]

No, its almost like there is some application there, it actually flashes gray any time I move an icon over it. Its really wierd. I have messed with all kinds of desktop settings and it just wont go away.

[sarahw]

Hi,

Can you post a Hijack This log.