Picked up a nasty. Would appreciate some help.
proxyRAX
Junior Member
|
18. November 2008 @ 00:25 |
I caught something nasty today, and have spent the last 6 hours battling with it. What happened was I had a stroke of idiocy and ran a file with a virus in it. Avast immediately gave me about 20 popups about different viruses with different names. I ran through and deleted them as fast as I could and tried to take care of the thing myself. I ran a CCleaner registry sweep and another Avast sweep. After some time, Avast started giving me messages about email messages that I was sending out. I terminated them, but I don't know how well that worked. My internet browsers, meanwhile, were also affected. I could get to Google, and search there, but once I tried to go somewhere else, it redirected me to a virus-defender page generated by the virus itself. This happened on Firefox and Opera. Chrome did not let me do anything. No page showed on it, no matter what I typed in the URL bar. Abandoning all automated methods, I went in search of the damned URL hooks but could not find them. On the way, I cleared a bunch of garbage from my Program Files folder, the root directory of my backup drive and a bunch of other infected places. Naturally, the problem persisted. Here is a HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:59:12 PM, on 11/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\WINDOWS\system32\Rundll32.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\DOCUME~1\monkey\LOCALS~1\Temp\winlogin.exe
E:\WINDOWS\System32\rs32net.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\DisplayFusion\DisplayFusion.exe
E:\Program Files\Electronic Arts\EADM\Core.exe
E:\DOCUME~1\monkey\LOCALS~1\Temp\csrssc.exe
E:\WINDOWS\System32\rs32net.exe
E:\Program Files\RALINK\Common\RaUI.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\PeerGuardian2\pg2.exe
E:\Program Files\Alwil Software\Avast4\ashSimpl.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\system32\NOTEPAD.EXE
F:\Downloads\hijackthis\HijackThis.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: E:\WINDOWS\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - E:\WINDOWS\system32\jsne87fidgf.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Launch LCDMon] "E:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "E:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OSSelectorReinstall] E:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [xsjfn83jkemfofght] E:\DOCUME~1\monkey\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [rs32net] E:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\monkey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DisplayFusion] "E:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [EA Core] E:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Comrade.exe] E:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [xsjfn83jkemfofght] E:\DOCUME~1\monkey\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] E:\DOCUME~1\monkey\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [rs32net] E:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] E:\RECYCLER\S-1-5-21-0865879383-2990170196-581310326-8476\winigon.exe
O4 - HKCU\..\Run: [Fraps] E:\FRAPS\FRAPS.EXE
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = E:\Program Files\RALINK\Common\RaUI.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1224964467378
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
If there is any advice you can give me, I would love to hear it.
So...who wants to play TF2 with me?
|
Senior Member
|
18. November 2008 @ 05:06 |
Hi proxyRAX
Your HijackThis log does indeed show signs of malware affecting your Internet.
Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.
Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:
  Terminate Internet Explorer
  Automatically save and display logfile after removal
  Always scan memory objects
  Always scan registry objects
  Always scan filesystem
  Always scan extra and heuristics objects
Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates
• Wait for Malwarebytes to be fully updated.
Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.
Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

|
proxyRAX
Junior Member
|
18. November 2008 @ 17:42 |
The mbam-setup file does not actually install it. I see the process running in Task Manager, and I see several if I press it several times, but the setup does not actually appear.
I am considering reformatting, but I really do not want to. I can try getting hjt to fix some of the suspicious log messages, but I am unsure of which to start clicking away at.
EDIT: Ok, after some fiddling, I got everything done. Google Chrome is up and things are better than before. Thanks for the help. Please tell me if I need to do anything else. Here is the log:
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3
11/18/2008 8:06:33 PM
mbam-log-2008-11-18 (20-06-33).txt
Scan type: Full Scan (E:\|)
Objects scanned: 140273
Time elapsed: 25 minute(s), 9 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 7
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 16
Memory Processes Infected:
E:\WINDOWS\Temp\csrssc.exe (Trojan.Downloader) -> Unloaded process successfully.
Memory Modules Infected:
E:\WINDOWS\system32\jsne87fidgf.dll (Trojan.BHO) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b200799f-9538-403d-9a6e-36f5942ec540} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
E:\WINDOWS\system32\jsne87fidgf.dll (Trojan.BHO) -> Delete on reboot.
E:\WINDOWS\system32\fklame32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{FCD9B35E-2887-4C3D-98C7-0BBFA09C6CCC}\RP68\A0025952.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\monkey\Local Settings\Temp\winlogin.exe (Trojan.Agent) -> Delete on reboot.
E:\Documents and Settings\monkey\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Delete on reboot.
E:\Documents and Settings\Administrator\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\monkey\Local Settings\Temp\TDSS8b8d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\Documents and Settings\monkey\Local Settings\Temp\TDSS8b9d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\TDSSncur.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\TDSSqxgx.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\TDSSwgod.log (Trojan.TDSS) -> Quarantined and deleted successfully.
This message has been edited since posting. Last time this message was edited on 18. November 2008 @ 20:13
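Added example (not part of the original thread, and not code from HijackThis or Malwarebytes): a triage script that reads the O4 autorun lines of a HijackThis log, flags entries whose target sits in a Temp or RECYCLER folder, and subtracts the Run values the Malwarebytes log reports as deleted. The excerpts are copied from the two logs above; the location heuristic and all function names are assumptions made for this example.

```python
import re

# Excerpts copied from the HijackThis and Malwarebytes logs posted in this thread.
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] E:\DOCUME~1\monkey\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [rs32net] E:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [xsjfn83jkemfofght] E:\DOCUME~1\monkey\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] E:\DOCUME~1\monkey\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] E:\RECYCLER\S-1-5-21-0865879383-2990170196-581310326-8476\winigon.exe
O4 - HKCU\..\Run: [Fraps] E:\FRAPS\FRAPS.EXE
"""

MBAM_EXCERPT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

# Assumed heuristic for this example: autoruns should not start from these folders.
BAD_LOCATIONS = (
    ("\\temp\\", "runs from a Temp folder"),
    ("\\recycler\\", "runs from the Recycle Bin folder"),
)

# "O4 - HKLM\..\Run: [value name] command line"
HJT_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$", re.M)

# "<hive>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\<value> (<detection>) -> <action>"
MBAM_RUN = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\SOFTWARE\\Microsoft\\Windows"
    r"\\CurrentVersion\\Run\\(.+?) \(([^)]+)\) -> (.+)$",
    re.M | re.I,
)


def parse_hjt_autoruns(text):
    """Return (hive, value_name, command) for every O4 Run line."""
    return [(m.group(1), m.group(2), m.group(3).strip())
            for m in HJT_RUN.finditer(text)]


def suspicious_location(command):
    """Return a reason string if the command starts from a flagged folder."""
    lowered = command.lower()
    for marker, reason in BAD_LOCATIONS:
        if marker in lowered:
            return reason
    return None


def parse_mbam_removed_run_values(text):
    """Return {(hive, value_name_lower)} for Run values MBAM reports as deleted."""
    removed = set()
    for m in MBAM_RUN.finditer(text):
        if "deleted successfully" in m.group(4).lower():
            removed.add((HIVES[m.group(1).upper()], m.group(2).lower()))
    return removed


def remaining_suspicious(hjt_text, mbam_text):
    """Flagged HijackThis autoruns with no matching removal in the MBAM log."""
    removed = parse_mbam_removed_run_values(mbam_text)
    leftovers = []
    for hive, name, command in parse_hjt_autoruns(hjt_text):
        reason = suspicious_location(command)
        if reason and (hive, name.lower()) not in removed:
            leftovers.append((hive, name, reason))
    return leftovers


if __name__ == "__main__":
    for hive, name, reason in remaining_suspicious(HJT_EXCERPT, MBAM_EXCERPT):
        print(f"{hive} Run [{name}]: {reason}, not listed as removed")
```

On these excerpts the one flagged autorun without a matching removal is the HKCU entry under E:\RECYCLER. The rs32net entry shows the limit of a location check: it lives in System32, so only the scanner's detection catches it.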
|
Senior Member
|
18. November 2008 @ 22:14 |
Hey proxyRAX
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
• Run Combo-Fix.exe and follow the prompts.
• Accept the End-User License Agreement.
• Allow the Recovery Console to be installed.
• When you see the window below, click on Yes.

• When the Recovery Console has been installed, click on Yes to start the scan.

**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be fully completed.
• If it requires a reboot, please do so.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
Best Regards :D

|
proxyRAX
Junior Member
|
19. November 2008 @ 00:00 |
Here you go. Thanks again for helping out.
ComboFix 08-11-18.04 - monkey 2008-11-18 23:42:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2690 [GMT -5:00]
Running from: e:\documents and settings\monkey\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\Temp\1582912848.exe
e:\windows\Temp\271165018.exe
e:\windows\Temp\3304664302.exe
e:\windows\Temp\916016038.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICF
-------\Legacy_RESTORE
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.
2008-11-18 19:31 . 2008-11-18 19:31 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware
2008-11-18 19:31 . 2008-11-18 19:31 <DIR> d-------- e:\documents and settings\monkey\Application Data\Malwarebytes
2008-11-18 19:31 . 2008-11-18 19:31 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-18 19:31 . 2008-10-22 16:10 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2008-11-18 19:31 . 2008-10-22 16:10 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2008-11-18 17:14 . 2008-11-18 17:14 <DIR> d-------- e:\documents and settings\Administrator
2008-11-17 22:12 . 2008-11-17 22:12 65,263 --a------ e:\windows\system32\cmdl.exe
2008-11-17 22:12 . 2008-11-17 22:12 2,535 --a------ e:\windows\system32\cnf.dat
2008-11-17 22:12 . 2008-11-17 23:15 527 --a------ e:\windows\system32\TDSSitpe.dat
2008-11-17 21:54 . 2008-11-17 21:54 <DIR> d-------- e:\program files\Sun
2008-11-17 21:54 . 2008-11-17 21:54 410,976 --a------ e:\windows\system32\deploytk.dll
2008-11-17 21:54 . 2008-11-17 21:54 73,728 --a------ e:\windows\system32\javacpl.cpl
2008-11-17 21:53 . 2008-11-17 21:54 <DIR> d-------- e:\program files\Java
2008-11-17 19:10 . 2008-11-17 19:10 <DIR> d-------- e:\documents and settings\monkey\.idlerc
2008-11-17 18:45 . 2008-11-17 18:45 <DIR> d-------- e:\program files\Python
2008-11-14 00:00 . 2008-11-14 00:00 <DIR> d-------- e:\program files\Microsoft Reader
2008-11-14 00:00 . 2003-06-05 17:15 57,436 --a------ e:\windows\DASShp.dll
2008-11-11 23:23 . 2008-09-04 12:15 1,106,944 --a------ e:\windows\system32\SET29.tmp
2008-11-11 23:23 . 2008-09-04 12:15 1,106,944 -----c--- e:\windows\system32\dllcache\msxml3.dll
2008-11-11 23:23 . 2008-10-24 06:21 455,296 -----c--- e:\windows\system32\dllcache\mrxsmb.sys
2008-11-06 18:46 . 2008-04-13 19:11 1,689,088 ---h---t- e:\windows\system32\e262906.dll
2008-11-06 18:46 . 2008-04-13 19:11 1,689,088 ---h---t- e:\windows\system32\323a8118.dll
2008-11-06 18:46 . 2008-04-13 19:12 82,432 ---h---t- e:\windows\system32\66bb4d8.dll
2008-11-06 18:46 . 2008-04-13 19:12 82,432 ---h---t- e:\windows\system32\3aaeb76.dll
2008-11-05 21:13 . 2008-11-05 21:13 <DIR> d-------- E:\Nexon
2008-11-05 21:13 . 2008-11-05 21:15 <DIR> d-------- e:\documents and settings\All Users\Application Data\NexonUS
2008-11-04 15:03 . 2008-04-13 14:40 43,904 --a------ e:\windows\system32\drivers\sbp2port.sys
2008-11-04 15:03 . 2008-04-13 14:40 43,904 --a--c--- e:\windows\system32\dllcache\sbp2port.sys
2008-11-04 13:25 . 2008-11-04 13:25 <DIR> d-------- e:\documents and settings\All Users\Application Data\Acronis
2008-11-04 13:20 . 2008-11-04 13:20 <DIR> d-------- e:\program files\Common Files\Acronis
2008-11-04 11:37 . 2008-11-04 11:37 <DIR> d-------- e:\program files\Acronis
2008-11-04 11:37 . 2008-11-04 11:37 114,048 --a------ e:\windows\system32\drivers\snapman.sys
2008-11-04 11:28 . 2008-11-04 11:43 <DIR> d-------- e:\documents and settings\monkey\Application Data\InfraRecorder
2008-11-04 11:27 . 2008-11-04 11:27 <DIR> d-------- e:\program files\InfraRecorder
2008-11-03 19:32 . 2008-11-03 19:33 107,888 --a------ e:\windows\system32\CmdLineExt.dll
2008-11-02 19:38 . 2008-11-02 19:38 <DIR> d-------- e:\program files\Audacity
2008-11-02 10:06 . 2008-11-02 10:06 1,228 --a------ e:\windows\system32\ealregsnapshot1.reg
2008-11-02 09:41 . 2008-11-02 09:41 <DIR> d-------- e:\program files\Network Stumbler
2008-11-02 09:40 . 2008-11-02 10:06 <DIR> d-------- e:\program files\NeoSmart Technologies
2008-11-02 09:39 . 2008-11-02 09:39 <DIR> d-------- e:\windows\system32\RNBOSENT
2008-11-02 09:39 . 2008-11-02 09:39 <DIR> d-------- e:\documents and settings\monkey\WINDOWS
2008-11-02 09:39 . 2006-11-22 10:01 693,760 --a------ e:\windows\system32\drivers\hardlock.sy_
2008-11-02 09:39 . 1998-07-30 13:51 305,152 --a------ e:\windows\IsUninst.exe
2008-11-02 09:39 . 2001-06-21 21:39 73,728 --a------ e:\windows\system32\drivers\SENTINEL.SYS
2008-11-02 09:39 . 2001-06-21 21:39 49,664 --a------ e:\windows\system32\SNTI386.DLL
2008-11-02 09:39 . 2001-06-21 21:39 20,032 -ra------ e:\windows\system32\drivers\SNTNLUSB.SYS
2008-11-02 09:39 . 2001-06-21 21:39 18,432 --a------ e:\windows\system32\RNBOVDD.DLL
2008-11-02 09:39 . 2001-06-21 21:39 9,949 --------- e:\windows\system32\SENTINEL.HLP
2008-11-02 09:39 . 2008-10-25 19:37 2,626 --a------ e:\windows\system32\config.hsp
2008-11-02 09:37 . 2008-11-02 09:37 <DIR> d-------- e:\program files\Autodesk
2008-11-02 09:36 . 2008-11-02 09:36 <DIR> d-------- e:\program files\Common Files\Autodesk Shared
2008-11-02 09:36 . 2008-11-02 09:36 <DIR> d-------- e:\program files\Common Files\Alias Shared
2008-11-01 12:43 . 2008-11-01 12:43 <DIR> d-------- e:\program files\Netscape6
2008-11-01 12:43 . 2008-11-01 12:43 <DIR> d-------- e:\program files\library
2008-11-01 12:43 . 2008-11-01 12:43 <DIR> d-------- e:\program files\Devices
2008-11-01 12:43 . 2008-11-01 12:43 <DIR> d-------- e:\program files\DataCache
2008-11-01 12:43 . 2008-11-01 12:43 <DIR> d-------- e:\program files\Common Files\xing shared
2008-11-01 12:43 . 2008-11-01 12:43 <DIR> d-------- e:\program files\Common Files\Real
2008-11-01 12:22 . 2008-11-01 12:23 <DIR> d-------- e:\windows\UltraDefrag
2008-11-01 10:57 . 2008-11-01 10:57 49,152 --a------ e:\windows\system32\md5sum.exe
2008-11-01 10:44 . 2008-11-01 10:45 <DIR> d-------- e:\documents and settings\monkey\Application Data\mIRC
2008-11-01 10:42 . 2008-11-04 14:56 <DIR> d-------- E:\Fraps
2008-11-01 10:42 . 2008-11-18 23:41 <DIR> d-a------ e:\documents and settings\All Users\Application Data\TEMP
2008-10-29 19:29 . 2008-10-29 19:29 940,794 --a------ e:\windows\system32\LoopyMusic.wav
2008-10-29 19:29 . 2008-10-29 19:29 146,650 --a------ e:\windows\system32\BuzzingBee.wav
2008-10-29 19:28 . 2008-10-29 19:28 <DIR> d-------- e:\windows\system32\Lang
2008-10-29 19:24 . 2007-11-13 23:18 553 --a------ e:\windows\USetup.iss
2008-10-29 19:22 . 2008-10-29 19:22 <DIR> d-------- e:\program files\Realtek
2008-10-28 20:31 . 2008-10-28 20:31 <DIR> d-------- e:\documents and settings\All Users\Application Data\Adobe Systems
2008-10-28 20:30 . 2008-10-28 20:30 <DIR> d-------- e:\program files\Common Files\Adobe Systems Shared
2008-10-28 20:19 . 2008-10-28 20:19 <DIR> d-------- e:\program files\Common Files\Adobe AIR
2008-10-28 20:19 . 2008-10-28 20:34 <DIR> d-------- e:\program files\Common Files\Adobe
2008-10-28 17:42 . 2008-10-28 17:42 <DIR> d-------- e:\documents and settings\monkey\Application Data\Media Player Classic
2008-10-28 00:02 . 2008-10-28 00:02 <DIR> d-------- e:\program files\Bethesda Softworks
2008-10-27 23:28 . 2008-10-27 23:28 <DIR> d-------- e:\documents and settings\monkey\Application Data\InstallShield Installation Information
2008-10-27 23:14 . 2008-10-27 23:14 <DIR> d-------- e:\program files\Unreal Tournament 3
2008-10-27 23:13 . 2008-10-27 23:13 <DIR> d-------- e:\windows\system32\AGEIA
2008-10-27 23:13 . 2008-10-27 23:13 <DIR> d-------- e:\program files\Common Files\Wise Installation Wizard
2008-10-27 23:13 . 2008-10-27 23:14 <DIR> d-------- e:\program files\AGEIA Technologies
2008-10-27 20:10 . 2008-11-08 01:02 <DIR> d-------- e:\documents and settings\monkey\Application Data\Apple Computer
2008-10-27 20:10 . 2008-04-17 12:12 107,368 --a------ e:\windows\system32\GEARAspi.dll
2008-10-27 20:10 . 2008-04-17 12:12 15,464 --a------ e:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-27 20:09 . 2008-10-27 20:09 <DIR> d-------- e:\program files\QuickTime
2008-10-27 20:09 . 2008-10-27 20:10 <DIR> d-------- e:\program files\iTunes
2008-10-27 20:09 . 2008-10-27 20:09 <DIR> d-------- e:\program files\iPod
2008-10-27 20:09 . 2008-10-27 20:09 <DIR> d-------- e:\program files\Common Files\Apple
2008-10-27 20:09 . 2008-10-27 20:09 <DIR> d-------- e:\program files\Bonjour
2008-10-27 20:09 . 2008-10-27 20:09 <DIR> d-------- e:\program files\Apple Software Update
2008-10-27 20:09 . 2008-10-27 20:09 <DIR> d-------- e:\documents and settings\All Users\Application Data\Apple Computer
2008-10-27 20:09 . 2008-10-27 20:09 <DIR> d-------- e:\documents and settings\All Users\Application Data\Apple
2008-10-27 20:09 . 2008-10-27 20:10 <DIR> d-------- e:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-27 19:41 . 2008-10-27 19:41 <DIR> d-------- e:\program files\AbiSuite2
2008-10-27 19:41 . 2008-10-27 19:41 <DIR> d-------- e:\documents and settings\monkey\AbiSuite
2008-10-27 19:33 . 2008-04-13 13:45 26,368 --a--c--- e:\windows\system32\dllcache\usbstor.sys
2008-10-26 08:05 . 2008-10-26 08:05 <DIR> d-------- e:\program files\DAEMON Tools Lite
2008-10-25 23:04 . 2008-10-25 23:04 <DIR> d-------- e:\program files\GameSpy
2008-10-25 23:03 . 2008-10-25 23:03 <DIR> d-------- e:\windows\system32\URTTEMP
2008-10-25 22:58 . 2008-10-25 22:58 <DIR> d--h-c--- e:\documents and settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2008-10-25 22:58 . 2008-10-25 22:58 669,184 --a------ e:\windows\system32\pbsvc.exe
2008-10-25 22:41 . 2008-10-25 22:41 <DIR> d-------- e:\program files\Electronic Arts
2008-10-25 22:41 . 2008-10-25 22:41 <DIR> d-------- e:\documents and settings\monkey\Application Data\DAEMON Tools
2008-10-25 22:41 . 2008-10-25 22:41 717,296 --a------ e:\windows\system32\drivers\sptd.sys
2008-10-25 21:46 . 2008-10-25 21:46 0 --a------ e:\windows\nsreg.dat
2008-10-25 21:44 . 2008-10-25 21:44 <DIR> d-------- e:\program files\Opera
2008-10-25 21:43 . 2008-10-25 21:43 <DIR> d-------- e:\windows\Logs
2008-10-25 19:48 . 2008-10-25 19:48 <DIR> d-------- e:\program files\Logitech
2008-10-25 19:48 . 2008-10-25 19:48 <DIR> d-------- e:\program files\Common Files\Logitech
2008-10-25 19:48 . 2008-10-25 19:48 <DIR> d-------- e:\documents and settings\All Users\Application Data\Logitech
2008-10-25 19:42 . 2008-10-25 19:42 <DIR> d-------- e:\documents and settings\monkey\Application Data\Viewpoint
2008-10-25 19:36 . 2008-10-25 19:36 <DIR> d-------- e:\program files\Alwil Software
2008-10-25 19:36 . 2003-03-18 16:20 1,060,864 --a------ e:\windows\system32\MFC71.dll
2008-10-25 19:36 . 2003-03-18 15:14 499,712 --a------ e:\windows\system32\MSVCP71.dll
2008-10-25 19:25 . 2008-10-25 19:25 <DIR> d-------- e:\windows\system32\LogFiles
2008-10-25 19:25 . 2008-11-12 00:22 202,320 --a------ e:\windows\system32\PnkBstrB.exe
2008-10-25 19:25 . 2008-11-12 00:22 138,408 --a------ e:\windows\system32\drivers\PnkBstrK.sys
2008-10-25 19:25 . 2008-10-25 20:08 66,872 --a------ e:\windows\system32\PnkBstrA.exe
2008-10-25 19:25 . 2008-10-25 22:59 22,328 --a------ e:\documents and settings\monkey\Application Data\PnkBstrK.sys
2008-10-25 19:25 . 2008-10-25 19:25 319 --a------ e:\windows\game.ini
2008-10-25 19:11 . 2008-10-25 19:11 <DIR> d-------- e:\program files\Activision
2008-10-25 18:15 . 2008-10-25 18:15 <DIR> d-------- e:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-25 18:05 . 2008-10-25 18:05 <DIR> d-------- e:\windows\system32\scripting
2008-10-25 18:05 . 2008-10-25 18:05 <DIR> d-------- e:\windows\system32\en
2008-10-25 18:05 . 2008-10-25 18:05 <DIR> d-------- e:\windows\l2schemas
2008-10-25 18:03 . 2008-10-25 18:03 <DIR> d--hs---- e:\windows\ftpcache
2008-10-25 17:53 . 2008-10-25 17:53 <DIR> d-------- e:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 05:00 --------- d--h--w e:\program files\InstallShield Installation Information
2008-10-30 00:22 319,488 ----a-w e:\windows\HideWin.exe
2008-10-26 02:44 --------- d-----w e:\program files\Common Files\InstallShield
2008-10-25 19:39 21,275 ----a-w e:\windows\system32\drivers\AegisP.sys
2008-10-25 19:38 --------- d-----w e:\program files\RALINK
2008-10-25 19:28 --------- d-----w e:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w e:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Aim6"="e:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"Google Update"="e:\documents and settings\monkey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-25 133104]
"Steam"="e:\program files\steam\steam.exe" [2008-10-25 1410296]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DisplayFusion"="e:\program files\DisplayFusion\DisplayFusion.exe" [2008-04-27 548528]
"EA Core"="e:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Comrade.exe"="e:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"="e:\recycler\S-1-5-21-0865879383-2990170196-581310326-8476\winigon.exe" [2008-11-17 72704]
"Fraps"="e:\fraps\FRAPS.EXE" [2008-01-14 3182248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"CTSysVol"="e:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"Launch LCDMon"="e:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 774168]
"Launch LGDCore"="e:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 1132056]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="e:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-01 185872]
"OSSelectorReinstall"="e:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2008-11-17 136600]
"P17Helper"="P17.dll" [2005-05-03 e:\windows\system32\P17.dll]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 e:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 e:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 e:\windows\alcwzrd.exe]
e:\documents and settings\monkey\Start Menu\Programs\Startup\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
e:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - e:\program files\RALINK\Common\RaUI.exe [2008-10-25 614400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3kaxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\Steam\\SteamApps\\ichigomonkey\\team fortress 2\\hl2.exe"=
"e:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe"=
"e:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"e:\\Nexon\\Combat Arms\\NMService.exe"=
"e:\\Program Files\\Steam\\SteamApps\\ichigomonkey\\source 2007 dedicated server\\srcds.exe"=
"e:\\Program Files\\Steam\\SteamApps\\ichigomonkey\\counter-strike source\\hl2.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead demo\\left4dead.exe"=
R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008-10-25 78416]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-25 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"e:\program files\Viewpoint\Common\ViewpointService.exe" [2008-10-25 24652]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;e:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S0 ati3kaxx;ati3kaxx;e:\windows\system32\Drivers\ati3kaxx.sys []
S3 ALSysIO;ALSysIO;\??\e:\docume~1\monkey\LOCALS~1\Temp\ALSysIO.sys []
S3 cpuz130;cpuz130;\??\e:\docume~1\monkey\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\e:\windows\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 WinRing0_1_1_1;WinRing0_1_1_1;\??\e:\documents and settings\monkey\My Documents\Downloads\RealTemp_2.70\RealTemp_2.70\WinRing0.sys [2008-11-04 13904]
S4 hpt3xx;hpt3xx; []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aed31714-ad57-11dd-a903-001f1f1fd953}]
\Shell\Auto\command - servver.exe
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL servver.exe
.
Contents of the 'Scheduled Tasks' folder
2008-11-18 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-19 e:\windows\Tasks\GoogleUpdateTaskUser.job
- e:\documents and settings\monkey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-25 15:33]
2008-11-18 e:\windows\Tasks\User_Feed_Synchronization-{1047BDD1-3F1B-4970-8459-8040651C244F}.job
- e:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - e:\documents and settings\monkey\Application Data\Mozilla\Firefox\Profiles\cmldeqhe.default\
FF -: plugin - e:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - e:\documents and settings\monkey\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - e:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - e:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - e:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 23:52:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\ati2evxx.exe
e:\program files\Alwil Software\Avast4\aswUpdSv.exe
e:\program files\Alwil Software\Avast4\ashServ.exe
e:\windows\system32\ati2evxx.exe
e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\wdfmgr.exe
e:\program files\Alwil Software\Avast4\ashMaiSv.exe
e:\program files\Alwil Software\Avast4\ashWebSv.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\windows\system32\rundll32.exe
e:\program files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
e:\program files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
e:\program files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
e:\program files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
e:\program files\iPod\bin\iPodService.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
e:\program files\iTunes\iTunes.exe
e:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-11-18 23:56:22 - machine was rebooted [monkey]
ComboFix-quarantined-files.txt 2008-11-19 04:56:19
Pre-Run: 564,740,575,232 bytes free
Post-Run: 564,650,266,624 bytes free
299 --- E O F --- 2008-11-13 08:00:36
So...who wants to play TF2 with me?
|
Senior Member
|
21. November 2008 @ 05:07 |
|
Hey proxyRAX
Sorry for the late reply. I was busy and couldn't get online.
You're almost clean! Here is your new set of instructions:
1.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
Open Notepad and copy/paste the text in the code box below into it:
File::
e:\windows\system32\cmdl.exe
e:\windows\system32\cnf.dat
e:\windows\system32\TDSSitpe.dat
e:\windows\system32\e262906.dll
e:\windows\system32\323a8118.dll
e:\windows\system32\66bb4d8.dll
e:\windows\system32\3aaeb76.dll
e:\windows\l2schemas
DirLook::
e:\windows\ftpcache
- Save this as CFScript.txt in the same folder as ComboFix.
- Then drag the CFScript.txt into Combo-Fix.exe.
- This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).
Do not click on the ComboFix window, as it may cause it to stall.

2.
Zip this folder up: C:\Qoobox and upload it to http://www.uploadmalware.com/

Things I'll need in your next post:
1. ComboFix log
2. What problems do you have left?
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

|
proxyRAX
Junior Member
|
2. December 2008 @ 22:52 |
|
Sorry for the long delay. Had some hiccups on my UNIX computer I had to sort out first. Sigh.
ComboFix 08-11-18.04 - monkey 2008-12-02 22:42:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2357 [GMT -5:00]
Running from: e:\documents and settings\monkey\My Documents\Downloads\ComboFix.exe
Command switches used :: e:\documents and settings\monkey\My Documents\Downloads\CFScript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
FILE ::
e:\windows\system32\323a8118.dll
e:\windows\system32\3aaeb76.dll
e:\windows\system32\66bb4d8.dll
e:\windows\system32\cmdl.exe
e:\windows\system32\cnf.dat
e:\windows\system32\e262906.dll
e:\windows\system32\TDSSitpe.dat
e:\windows\l2schemas :#:
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\system32\323a8118.dll
e:\windows\system32\3aaeb76.dll
e:\windows\system32\66bb4d8.dll
e:\windows\system32\cmdl.exe
e:\windows\system32\cnf.dat
e:\windows\system32\e262906.dll
e:\windows\system32\sysmgr.exe
e:\windows\system32\TDSSitpe.dat
G:\Autorun.inf
K:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-11-28 18:52 . 2008-11-28 18:55 <DIR> d-------- e:\documents and settings\monkey\Application Data\vlc
2008-11-28 18:51 . 2008-11-28 18:51 <DIR> d-------- e:\program files\VideoLAN
2008-11-27 14:45 . 2008-11-27 14:45 <DIR> d-------- e:\windows\LastGood
2008-11-24 19:07 . 2008-11-24 19:07 <DIR> d-------- e:\windows\Sun
2008-11-24 18:41 . 2008-11-24 18:41 <DIR> d-------- e:\program files\CodeBlocks
2008-11-24 18:40 . 2008-11-24 18:41 <DIR> d-------- e:\program files\Celestia
2008-11-23 07:15 . 2008-10-16 14:06 268,648 --a------ e:\windows\system32\mucltui.dll
2008-11-23 07:15 . 2008-10-16 14:06 208,744 --a------ e:\windows\system32\muweb.dll
2008-11-23 07:15 . 2008-10-16 14:06 27,496 --a------ e:\windows\system32\mucltui.dll.mui
2008-11-23 07:04 . 2006-10-26 19:56 32,592 --a------ e:\windows\system32\msonpmon.dll
2008-11-23 07:03 . 2008-11-23 07:03 <DIR> d-------- e:\program files\MSBuild
2008-11-23 07:03 . 2008-11-23 07:03 <DIR> d-------- e:\program files\Microsoft Works
2008-11-23 07:02 . 2008-11-23 07:02 <DIR> d-------- e:\program files\Microsoft.NET
2008-11-23 06:59 . 2008-11-23 06:59 <DIR> d-------- e:\program files\Microsoft Visual Studio 8
2008-11-23 06:58 . 2008-11-23 07:03 <DIR> d-------- e:\windows\SHELLNEW
2008-11-23 06:58 . 2008-11-23 06:58 <DIR> dr-h----- E:\MSOCache
2008-11-23 06:58 . 2008-11-24 03:08 <DIR> d-------- e:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-22 12:36 . 2008-11-22 12:36 <DIR> d-------- e:\program files\XP Codec Pack
2008-11-22 12:36 . 2008-07-09 03:05 421,888 --a------ e:\windows\system32\ac3filter.acm
2008-11-21 17:08 . 2008-11-21 17:08 <DIR> d-------- e:\program files\Common Files\xing shared
2008-11-21 17:07 . 2008-11-21 17:07 46,080 --a------ e:\documents and settings\monkey\12273052223696.exe
2008-11-21 07:24 . 2008-11-21 07:24 46,080 --a------ e:\documents and settings\monkey\12272702421468.exe
2008-11-20 19:55 . 2008-11-20 19:55 46,080 --a------ e:\documents and settings\monkey\12272289153104.exe
2008-11-20 19:48 . 2008-11-20 19:48 46,080 --a------ e:\documents and settings\monkey\1227228530280.exe
2008-11-20 19:30 . 2008-11-20 19:30 46,080 --a------ e:\documents and settings\monkey\12272274383124.exe
2008-11-20 17:25 . 2008-11-20 17:25 102,427 --a------ e:\windows\system32\msvcrt2.dll
2008-11-18 19:31 . 2008-11-18 19:31 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware
2008-11-18 19:31 . 2008-11-18 19:31 <DIR> d-------- e:\documents and settings\monkey\Application Data\Malwarebytes
2008-11-18 19:31 . 2008-11-18 19:31 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-18 19:31 . 2008-10-22 16:10 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2008-11-18 19:31 . 2008-10-22 16:10 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2008-11-18 17:14 . 2008-11-18 17:14 <DIR> d-------- e:\documents and settings\Administrator
2008-11-17 21:54 . 2008-11-17 21:54 <DIR> d-------- e:\program files\Sun
2008-11-17 21:54 . 2008-11-17 21:54 410,976 --a------ e:\windows\system32\deploytk.dll
2008-11-17 21:54 . 2008-11-17 21:54 73,728 --a------ e:\windows\system32\javacpl.cpl
2008-11-17 21:53 . 2008-11-17 21:54 <DIR> d-------- e:\program files\Java
2008-11-17 19:10 . 2008-11-17 19:10 <DIR> d-------- e:\documents and settings\monkey\.idlerc
2008-11-17 18:45 . 2008-11-17 18:45 <DIR> d-------- e:\program files\Python
2008-11-14 00:00 . 2008-11-14 00:00 <DIR> d-------- e:\program files\Microsoft Reader
2008-11-14 00:00 . 2003-06-05 17:15 57,436 --a------ e:\windows\DASShp.dll
2008-11-11 23:23 . 2008-09-04 12:15 1,106,944 --a------ e:\windows\system32\SET29.tmp
2008-11-11 23:23 . 2008-09-04 12:15 1,106,944 -----c--- e:\windows\system32\dllcache\msxml3.dll
2008-11-11 23:23 . 2008-10-24 06:21 455,296 -----c--- e:\windows\system32\dllcache\mrxsmb.sys
2008-11-05 21:13 . 2008-11-05 21:13 <DIR> d-------- E:\Nexon
2008-11-05 21:13 . 2008-11-05 21:15 <DIR> d-------- e:\documents and settings\All Users\Application Data\NexonUS
2008-11-04 15:03 . 2008-04-13 14:40 43,904 --a------ e:\windows\system32\drivers\sbp2port.sys
2008-11-04 15:03 . 2008-04-13 14:40 43,904 --a--c--- e:\windows\system32\dllcache\sbp2port.sys
2008-11-04 13:25 . 2008-11-04 13:25 <DIR> d-------- e:\documents and settings\All Users\Application Data\Acronis
2008-11-04 13:20 . 2008-11-04 13:20 <DIR> d-------- e:\program files\Common Files\Acronis
2008-11-04 11:37 . 2008-11-04 11:37 <DIR> d-------- e:\program files\Acronis
2008-11-04 11:37 . 2008-11-04 11:37 114,048 --a------ e:\windows\system32\drivers\snapman.sys
2008-11-04 11:28 . 2008-11-04 11:43 <DIR> d-------- e:\documents and settings\monkey\Application Data\InfraRecorder
2008-11-04 11:27 . 2008-11-04 11:27 <DIR> d-------- e:\program files\InfraRecorder
2008-11-03 19:32 . 2008-11-03 19:33 107,888 --a------ e:\windows\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 03:43 --------- d-----w e:\documents and settings\monkey\Application Data\uTorrent
2008-12-03 00:45 --------- d-----w e:\program files\Steam
2008-12-02 04:49 137,688 ----a-w e:\windows\system32\drivers\PnkBstrK.sys
2008-12-02 04:48 202,040 ----a-w e:\windows\system32\PnkBstrB.exe
2008-11-30 18:16 --------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2008-11-21 22:08 348,160 ----a-w e:\windows\system32\msvcr71.dll
2008-11-21 22:08 --------- d-----w e:\program files\Common Files\Real
2008-11-20 05:51 --------- d-----w e:\documents and settings\monkey\Application Data\Apple Computer
2008-11-18 22:15 14,336 ----a-w e:\windows\system32\svchost.exe
2008-11-18 05:10 --------- d-----w e:\program files\PeerGuardian2
2008-11-14 05:00 --------- d--h--w e:\program files\InstallShield Installation Information
2008-11-03 00:38 --------- d-----w e:\program files\Audacity
2008-11-02 15:06 --------- d-----w e:\program files\NeoSmart Technologies
2008-11-02 14:41 --------- d-----w e:\program files\Network Stumbler
2008-11-02 14:37 --------- d-----w e:\program files\Autodesk
2008-11-02 14:36 --------- d-----w e:\program files\Common Files\Autodesk Shared
2008-11-02 14:36 --------- d-----w e:\program files\Common Files\Alias Shared
2008-11-01 17:43 --------- d-----w e:\program files\DataCache
2008-11-01 15:57 49,152 ----a-w e:\windows\system32\md5sum.exe
2008-11-01 15:45 --------- d-----w e:\documents and settings\monkey\Application Data\mIRC
2008-10-30 00:22 319,488 ----a-w e:\windows\HideWin.exe
2008-10-30 00:22 --------- d-----w e:\program files\Realtek
2008-10-29 01:34 --------- d-----w e:\program files\Common Files\Adobe
2008-10-29 01:31 --------- d-----w e:\documents and settings\All Users\Application Data\Adobe Systems
2008-10-29 01:30 --------- d-----w e:\program files\Common Files\Adobe Systems Shared
2008-10-29 01:19 --------- d-----w e:\program files\Common Files\Adobe AIR
2008-10-28 22:42 --------- d-----w e:\documents and settings\monkey\Application Data\Media Player Classic
2008-10-28 05:02 --------- d-----w e:\program files\Bethesda Softworks
2008-10-28 04:28 --------- d-----w e:\documents and settings\monkey\Application Data\InstallShield Installation Information
2008-10-28 04:14 --------- d-----w e:\program files\Unreal Tournament 3
2008-10-28 04:14 --------- d-----w e:\program files\AGEIA Technologies
2008-10-28 04:13 --------- d-----w e:\program files\Common Files\Wise Installation Wizard
2008-10-28 01:10 --------- d-----w e:\program files\iTunes
2008-10-28 01:10 --------- d-----w e:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-28 01:09 --------- d-----w e:\program files\QuickTime
2008-10-28 01:09 --------- d-----w e:\program files\iPod
2008-10-28 01:09 --------- d-----w e:\program files\Common Files\Apple
2008-10-28 01:09 --------- d-----w e:\program files\Bonjour
2008-10-28 01:09 --------- d-----w e:\program files\Apple Software Update
2008-10-28 01:09 --------- d-----w e:\documents and settings\All Users\Application Data\Apple Computer
2008-10-28 01:09 --------- d-----w e:\documents and settings\All Users\Application Data\Apple
2008-10-28 00:41 --------- d-----w e:\program files\AbiSuite2
2008-10-26 13:05 --------- d-----w e:\program files\DAEMON Tools Lite
2008-10-26 04:04 --------- d-----w e:\program files\GameSpy
2008-10-26 03:59 22,328 ----a-w e:\documents and settings\monkey\Application Data\PnkBstrK.sys
2008-10-26 03:58 669,184 ----a-w e:\windows\system32\pbsvc.exe
2008-10-26 03:58 --------- dc-h--w e:\documents and settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2008-10-26 03:41 717,296 ----a-w e:\windows\system32\drivers\sptd.sys
2008-10-26 03:41 --------- d-----w e:\program files\Electronic Arts
2008-10-26 03:41 --------- d-----w e:\documents and settings\monkey\Application Data\DAEMON Tools
2008-10-26 02:44 --------- d-----w e:\program files\Opera
2008-10-26 02:44 --------- d-----w e:\program files\Common Files\InstallShield
2008-10-26 01:08 66,872 ----a-w e:\windows\system32\PnkBstrA.exe
2008-10-26 00:48 --------- d-----w e:\program files\Logitech
2008-10-26 00:48 --------- d-----w e:\program files\Common Files\Logitech
2008-10-26 00:48 --------- d-----w e:\documents and settings\All Users\Application Data\Logitech
2008-10-26 00:42 --------- d-----w e:\documents and settings\monkey\Application Data\Viewpoint
2008-10-26 00:36 --------- d-----w e:\program files\Alwil Software
2008-10-26 00:11 --------- d-----w e:\program files\Activision
2008-10-25 23:15 --------- d-----w e:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-25 22:53 --------- d-----w e:\program files\CCleaner
2008-10-25 21:57 --------- d-----w e:\documents and settings\All Users\Application Data\Creative
2008-10-25 21:35 --------- d-----w e:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-25 21:23 --------- d-----w e:\documents and settings\monkey\Application Data\Binary Fortress Software
2008-10-25 21:20 --------- d-----w e:\program files\KellySoftware
2008-10-25 21:20 --------- d-----w e:\program files\DisplayFusion
2008-10-25 21:06 --------- d-----w e:\program files\Creative
2008-10-25 20:31 --------- d-----w e:\documents and settings\monkey\Application Data\ATI
2008-10-25 20:31 --------- d-----w e:\documents and settings\All Users\Application Data\ATI
2008-10-25 20:28 --------- d-----w e:\program files\ATI Technologies
2008-10-25 20:26 --------- d-----w e:\program files\Common Files\ATI Technologies
2008-10-25 20:25 --------- d-----w e:\program files\Viewpoint
2008-10-25 20:25 --------- d-----w e:\program files\uTorrent
2008-10-25 20:25 --------- d-----w e:\program files\Common Files\AOL
2008-10-25 20:25 --------- d-----w e:\program files\AIM6
2008-10-25 20:25 --------- d-----w e:\documents and settings\monkey\Application Data\acccore
2008-10-25 20:25 --------- d-----w e:\documents and settings\All Users\Application Data\Viewpoint
2008-10-25 20:25 --------- d-----w e:\documents and settings\All Users\Application Data\AOL OCP
2008-10-25 20:25 --------- d-----w e:\documents and settings\All Users\Application Data\AOL
2008-10-25 20:25 --------- d-----w e:\documents and settings\All Users\Application Data\acccore
2008-10-25 19:39 21,275 ----a-w e:\windows\system32\drivers\AegisP.sys
2008-10-25 19:38 --------- d-----w e:\program files\RALINK
2008-10-25 19:32 155,995 ----a-w e:\windows\java\Packages\2PNJ3F7F.ZIP
2008-10-25 19:28 --------- d-----w e:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w e:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w e:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w e:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w e:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w e:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w e:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w e:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w e:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w e:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w e:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w e:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w e:\windows\system32\msxml3.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of e:\windows\ftpcache ----
((((((((((((((((((((((((((((( snapshot@2008-11-18_23.56.05.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-23 12:03:44 110,592 ----a-w e:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-11-23 12:03:42 65,536 ----a-w e:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2008-11-23 12:03:44 4,608 ----a-w e:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-11-23 12:03:42 1,215,328 ----a-w e:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2008-11-23 12:03:42 82,784 ----a-w e:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2008-11-23 12:03:38 31,560 ----a-w e:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
+ 2008-11-23 12:03:43 8,007,680 ----a-w e:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-11-23 12:03:38 16,712 ----a-w e:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2008-11-23 12:02:37 80,696 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-11-23 12:03:09 1,612,592 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2008-11-23 12:03:09 1,276,720 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-11-23 12:03:09 150,320 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-11-23 12:03:39 404,296 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2008-11-23 12:03:10 88,896 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-11-23 12:03:10 146,232 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2008-11-23 12:03:31 17,208 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2008-11-23 12:03:10 920,376 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2008-11-23 12:03:10 35,648 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-11-24 08:06:24 250,928 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-11-23 12:03:10 232,248 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2008-11-23 12:03:10 20,280 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-11-24 08:04:10 783,744 ----a-w e:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-11-23 12:03:43 13,312 ----a-w e:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-11-23 12:03:09 371,496 ----a-w e:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-11-23 12:03:10 64,288 ----a-w e:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-11-23 12:03:43 229,376 ----a-w e:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-11-23 12:03:44 4,096 ----a-w e:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-11-23 12:03:10 416,544 ----a-w e:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-11-23 12:02:36 12,104 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2008-11-23 12:02:38 12,096 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-11-23 12:03:18 12,096 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-11-23 12:03:39 12,616 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-11-23 12:03:39 12,616 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
+ 2008-11-23 12:03:32 12,104 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2008-11-23 12:03:31 12,632 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-11-23 12:03:32 12,112 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2008-11-23 12:03:35 12,104 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
+ 2008-11-23 12:03:28 12,104 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2008-11-23 12:03:37 12,096 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2008-11-23 12:03:28 12,080 ----a-w e:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-11-23 12:03:28 11,544 ----a-w e:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2008-11-23 12:03:43 16,384 ----a-w e:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2008-11-24 08:04:25 120,408 ----a-w e:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2008-11-23 12:03:47 367,400 ----a-w e:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
+ 2008-11-24 08:04:25 611,392 ----a-w e:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2008-11-23 12:03:38 43,840 ----a-w e:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
+ 2008-11-23 12:03:39 39,728 ----a-w e:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
+ 2008-11-23 12:03:39 60,200 ----a-w e:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
+ 2008-11-23 12:03:42 211,736 ----a-w e:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
+ 2008-11-23 12:03:42 105,248 ----a-w e:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
+ 2008-11-23 12:03:41 330,520 ----a-w e:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
+ 2008-11-23 12:03:42 39,712 ----a-w e:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
+ 2008-11-23 12:03:42 39,704 ----a-w e:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
+ 2008-11-23 12:03:41 72,472 ----a-w e:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
+ 2008-11-23 12:03:42 47,832 ----a-w e:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2008-11-23 12:03:42 39,624 ----a-w e:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
+ 2006-10-27 00:49:48 1,011,488 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2006-10-27 00:49:46 970,528 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2006-10-27 20:00:10 576,376 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-27 02:18:12 162,616 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 20:00:12 1,751,904 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 20:00:10 576,376 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 20:00:06 47,976 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 20:00:08 191,360 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 01:13:34 338,800 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 01:13:44 629,616 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 01:13:28 207,736 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 01:13:32 279,352 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 01:13:08 15,160 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 01:13:08 15,160 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 01:13:08 15,160 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 01:13:12 15,160 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 20:00:06 387,960 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 01:13:38 392,048 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 01:13:30 260,976 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 01:13:32 289,648 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 01:13:20 56,120 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 01:13:38 551,800 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 01:13:30 224,104 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 20:40:34 208,760 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 01:13:34 371,568 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 20:41:04 399,640 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 00:59:24 205,616 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 02:30:42 65,312 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 20:16:36 133,936 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-27 01:12:52 189,760 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 01:55:32 87,344 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 05:48:08 234,784 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-27 00:48:14 439,568 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 00:48:14 434,528 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 20:07:36 17,891,112 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 19:10:08 1,190,688 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-26 19:04:58 75,576 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-27 00:21:24 1,682,232 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 20:09:36 983,376 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 01:02:12 2,526,520 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 20:37:44 338,216 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2006-10-27 20:38:02 6,191,400 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
+ 2006-10-27 20:37:44 284,448 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-27 05:47:54 65,824 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
+ 2006-10-27 20:37:40 34,088 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
+ 2006-10-27 20:37:44 300,336 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-27 05:47:44 33,568 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 20:37:56 2,689,336 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
+ 2006-10-27 20:38:00 3,508,544 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2006-10-27 20:37:40 117,584 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 20:37:50 768,304 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 20:37:52 1,359,648 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
+ 2006-10-27 05:48:24 377,136 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 20:37:58 3,071,288 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
+ 2006-10-27 20:37:44 284,976 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-27 05:48:00 197,920 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-27 05:48:18 317,736 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-27 05:48:40 1,555,232 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-27 05:47:42 31,016 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
+ 2006-10-27 05:47:40 22,808 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-27 05:48:02 224,048 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-27 20:38:04 7,053,096 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
+ 2006-10-27 05:48:42 2,210,608 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-27 05:48:18 363,304 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-27 05:47:40 16,688 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
+ 2006-10-27 20:37:56 2,738,472 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
+ 2006-10-27 20:37:38 35,112 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
+ 2006-10-27 05:48:02 222,512 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 20:37:50 1,163,048 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 20:38:00 4,746,536 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 20:37:54 1,396,008 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-27 05:48:34 955,680 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 20:37:40 268,080 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-27 05:48:26 572,216 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 20:37:48 631,080 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-27 01:12:52 173,328 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 01:55:38 138,024 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 20:10:08 1,439,032 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 20:10:10 5,456,704 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 20:10:10 5,281,592 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 02:42:00 176,976 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2008-11-23 12:03:39 609,104 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2008-11-23 12:03:39 118,112 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2006-10-27 00:55:10 828,704 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-27 01:55:48 340,248 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 20:04:08 497,504 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 20:01:34 10,371,880 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-27 02:18:06 66,880 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-26 18:58:14 117,552 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 20:26:40 16,870,712 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 19:59:06 161,080 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-27 00:48:12 14,664 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 01:12:58 428,816 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 02:13:36 26,936 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 01:00:08 6,635,320 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 18:56:36 436,520 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 20:04:10 9,581,360 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-27 00:50:04 672,024 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 18:56:40 505,136 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-27 00:55:12 832,800 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-27 00:55:06 538,904 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-27 01:12:30 65,824 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 20:14:34 14,151,456 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 01:42:36 8,423,224 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 01:06:54 232,816 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-27 01:14:06 7,033,152 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 20:18:36 1,658,152 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 01:00:08 274,744 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-27 01:00:12 998,208 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 01:00:10 285,008 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 20:16:46 2,939,704 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 01:34:12 660,792 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-27 01:34:10 192,848 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-27 01:32:42 604,000 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 20:39:36 687,432 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 20:03:04 1,018,664 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 01:24:54 98,632 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-27 01:24:50 72,504 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 01:24:58 1,165,112 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 20:03:06 6,579,512 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 01:23:00 782,720 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-27 01:07:04 6,536,992 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-09-15 21:25:18 3,611,416 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-07-26 23:53:56 459,080 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 20:16:44 594,256 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 20:16:48 12,813,096 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 20:16:40 176,976 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 20:16:36 46,864 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 02:30:44 482,088 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 20:04:06 465,200 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 20:04:06 7,980,848 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2008-11-23 12:03:10 248,632 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 00:52:10 2,012,480 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-27 01:09:36 136,008 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 19:05:00 77,144 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-27 01:55:54 413,472 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 20:04:06 624,456 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-27 01:09:44 590,144 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 02:13:38 38,168 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-27 02:42:12 744,808 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 19:04:44 19,784 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-27 01:55:44 263,520 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 01:55:44 272,744 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 01:13:00 503,624 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 01:06:58 439,600 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 02:18:16 502,608 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-07-28 20:21:58 277,320 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 19:57:08 2,330,968 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 19:04:48 29,976 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 19:05:04 126,784 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-10-26 19:05:02 86,840 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 19:04:56 58,168 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 19:04:48 27,456 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 19:04:54 51,008 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 19:04:44 19,784 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 19:04:58 76,624 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-09-30 05:42:56 2,583,344 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 04:00:12 1,841,984 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-27 03:58:38 3,732,792 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 20:23:04 347,432 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2008-11-23 12:03:10 781,104 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 20:11:38 4,235,560 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 20:11:36 21,264 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 20:23:08 17,483,560 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 19:05:08 1,181,520 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-27 02:13:08 14,674,216 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 02:17:08 11,072 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-26 19:05:08 530,760 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2007-08-29 04:38:10 500,648 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-09-15 02:45:58 16,901,168 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-29 04:38:46 9,584,512 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-29 05:19:24 1,654,648 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-29 04:06:16 467,840 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-29 04:06:44 7,990,144 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2008-11-24 08:04:38 251,272 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\PPTPIA.DLL
+ 2007-08-24 08:43:28 138,648 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-29 04:39:14 625,560 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 08:43:36 593,296 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-29 04:16:00 350,064 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 22:56:32 17,490,800 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-03 01:00:06 14,708,760 ----a-r e:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2008-11-24 08:06:06 217,864 ----a-r e:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-11-24 08:08:49 1,165,584 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-24 08:08:50 20,240 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-24 08:08:50 159,504 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-24 08:08:50 184,080 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-24 08:08:50 217,864 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-24 08:08:50 18,704 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-24 08:08:50 35,088 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-24 08:08:50 845,584 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-24 08:08:50 922,384 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-24 08:08:50 272,648 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-24 08:08:50 888,080 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-24 08:08:50 1,172,240 ----a-r e:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-19 03:07:34 270,880 ----a-w e:\windows\LastGood\system32\mucltui.dll
+ 2008-07-19 03:07:32 210,976 ----a-w e:\windows\LastGood\system32\muweb.dll
+ 2004-08-10 05:50:22 77,889 ----a-w e:\windows\system32\atrc.dll
+ 2004-08-10 05:50:00 65,602 ----a-w e:\windows\system32\cook.dll
+ 2004-08-10 05:50:48 102,464 ----a-w e:\windows\system32\drv1.dll
+ 2004-08-10 05:51:08 176,195 ----a-w e:\windows\system32\drv2.dll
+ 2004-11-24 18:25:52 335,872 ----a-w e:\windows\system32\drvc.dll
+ 2004-10-03 16:50:54 129,024 ----a-w e:\windows\system32\ff_mpeg2enc.dll
+ 2008-06-22 16:34:00 177,664 ----a-w e:\windows\system32\ff_theora.dll
- 2008-06-12 18:36:38 7,680 ----a-w e:\windows\system32\ff_vfw.dll
+ 2008-06-12 17:36:38 7,680 ----a-w e:\windows\system32\ff_vfw.dll
+ 2008-06-13 10:39:38 23,552 ----a-w e:\windows\system32\ff_wmv9.dll
+ 2008-07-05 10:13:16 708,096 ----a-w e:\windows\system32\ff_x264.dll
+ 2007-08-23 06:03:38 1,195,888 ----a-w e:\windows\system32\FM20.DLL
+ 2006-10-26 19:10:06 33,088 ----a-w e:\windows\system32\FM20ENU.DLL
- 2008-11-14 12:14:59 105,416 ----a-w e:\windows\system32\FNTCACHE.DAT
+ 2008-11-24 08:17:25 274,968 ----a-w e:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 05:52:54 241,723 ----a-w e:\windows\system32\hxltcolor.dll
+ 2006-10-26 18:45:04 207,360 ----a-w e:\windows\system32\INKED.DLL
+ 2008-07-05 10:14:44 3,591,168 ----a-w e:\windows\system32\libavcodec.dll
+ 2008-07-05 10:14:48 456,192 ----a-w e:\windows\system32\libmplayer.dll
+ 2006-07-24 15:50:38 125,744 ----a-w e:\windows\system32\MSSTDFMT.DLL
+ 2004-04-20 21:00:00 172,032 ----a-w e:\windows\system32\OptimFROG.dll
- 2008-11-18 03:13:23 63,470 ----a-w e:\windows\system32\perfc009.dat
+ 2008-11-27 00:21:41 64,314 ----a-w e:\windows\system32\perfc009.dat
- 2008-11-18 03:13:23 405,888 ----a-w e:\windows\system32\perfh009.dat
+ 2008-11-27 00:21:41 408,792 ----a-w e:\windows\system32\perfh009.dat
- 2008-11-01 17:43:01 278,528 ----a-w e:\windows\system32\pncrt.dll
+ 2003-11-25 22:32:02 123,392 ----a-w e:\windows\system32\pncrt.dll
- 2008-11-01 17:43:01 6,656 ----a-w e:\windows\system32\pndx5016.dll
+ 2008-11-21 22:08:47 6,656 ----a-w e:\windows\system32\pndx5016.dll
- 2008-11-01 17:43:01 5,632 ----a-w e:\windows\system32\pndx5032.dll
+ 2008-11-21 22:08:47 5,632 ----a-w e:\windows\system32\pndx5032.dll
- 2008-11-01 17:43:05 185,920 ----a-w e:\windows\system32\rmoc3260.dll
+ 2008-11-21 22:08:53 185,920 ----a-w e:\windows\system32\rmoc3260.dll
+ 2004-08-10 05:50:40 49,216 ----a-w e:\windows\system32\rv10.dll
+ 2004-08-10 05:51:00 57,411 ----a-w e:\windows\system32\rv20.dll
+ 2004-08-10 05:52:14 49,221 ----a-w e:\windows\system32\rv30.dll
+ 2004-08-10 05:52:16 49,221 ----a-w e:\windows\system32\rv40.dll
+ 2006-07-24 15:50:40 39,728 ----a-w e:\windows\system32\SCP32.DLL
+ 2006-11-02 15:10:16 80,912 ----a-w e:\windows\system32\sherlock2.exe
+ 2004-08-10 05:50:12 106,561 ----a-w e:\windows\system32\sipr.dll
+ 2006-10-27 00:56:16 864,080 ----a-w e:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2006-10-27 00:56:14 67,408 ----a-w e:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2006-10-27 00:56:16 864,080 ----a-w e:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2006-10-27 00:56:14 67,408 ----a-w e:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2006-10-27 00:56:12 33,104 ----a-w e:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
+ 2006-07-24 15:50:40 47,920 ----a-w e:\windows\system32\VBAME.DLL
+ 2008-08-26 19:11:42 987,136 ----a-w e:\windows\system32\VSFilter.dll
+ 2006-10-26 18:45:04 293,376 ----a-w e:\windows\system32\WISPTIS.EXE
+ 2008-11-26 22:00:02 16,384 ----atw e:\windows\Temp\Perflib_Perfdata_414.dat
+ 2008-11-26 21:59:49 16,384 ----atw e:\windows\Temp\Perflib_Perfdata_504.dat
+ 2006-10-26 18:40:34 95,744 ----a-w e:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Aim6"="e:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"Google Update"="e:\documents and settings\monkey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-25 133104]
"Steam"="e:\program files\steam\steam.exe" [2008-10-25 1410296]
"ctfmon.exe"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DisplayFusion"="e:\program files\DisplayFusion\DisplayFusion.exe" [2008-04-27 548528]
"EA Core"="e:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Comrade.exe"="e:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"="e:\recycler\S-1-5-21-0865879383-2990170196-581310326-8476\winigon.exe" [2008-11-17 72704]
"Fraps"="e:\fraps\FRAPS.EXE" [2008-01-14 3182248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"CTSysVol"="e:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"Launch LCDMon"="e:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 774168]
"Launch LGDCore"="e:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 1132056]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"OSSelectorReinstall"="e:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2008-11-17 136600]
"TkBellExe"="e:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-21 185872]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"P17Helper"="P17.dll" [2005-05-03 e:\windows\system32\P17.dll]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 e:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 e:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 e:\windows\alcwzrd.exe]

e:\documents and settings\monkey\Start Menu\Programs\Startup\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - e:\program files\RALINK\Common\RaUI.exe [2008-10-25 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3kaxx.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\Steam\\SteamApps\\ichigomonkey\\team fortress 2\\hl2.exe"=
"e:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe"=
"e:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"e:\\Nexon\\Combat Arms\\NMService.exe"=
"e:\\Program Files\\Steam\\SteamApps\\ichigomonkey\\source 2007 dedicated server\\srcds.exe"=
"e:\\Program Files\\Steam\\SteamApps\\ichigomonkey\\counter-strike source\\hl2.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead demo\\left4dead.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008-10-25 78416]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-25 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"e:\program files\Viewpoint\Common\ViewpointService.exe" [2008-10-25 24652]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;e:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S0 ati3kaxx;ati3kaxx;e:\windows\system32\Drivers\ati3kaxx.sys []
S3 ALSysIO;ALSysIO;\??\e:\docume~1\monkey\LOCALS~1\Temp\ALSysIO.sys []
S3 cpuz130;cpuz130;\??\e:\docume~1\monkey\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\e:\windows\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 WinRing0_1_1_1;WinRing0_1_1_1;\??\e:\documents and settings\monkey\My Documents\Downloads\RealTemp_2.70\RealTemp_2.70\WinRing0.sys [2008-11-04 13904]
S4 hpt3xx;hpt3xx; []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04cb0c50-a488-11dd-bd69-001f1f1fd953}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aed31714-ad57-11dd-a903-001f1f1fd953}]
\Shell\Auto\command - servver.exe
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL servver.exe
*Newly Created Service* - SYSMONLOG
.
Contents of the 'Scheduled Tasks' folder
2008-12-02 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-03 e:\windows\Tasks\GoogleUpdateTaskUser.job
- e:\documents and settings\monkey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-25 15:33]
2008-12-02 e:\windows\Tasks\User_Feed_Synchronization-{1047BDD1-3F1B-4970-8459-8040651C244F}.job
- e:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Microsoft(R) System Manager - e:\windows\system32\sysmgr.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 22:44:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-02 22:45:49
ComboFix-quarantined-files.txt 2008-12-03 03:45:42
ComboFix2.txt 2008-11-19 04:56:23
Pre-Run: 550,969,311,232 bytes free
Post-Run: 551,070,302,208 bytes free
609 --- E O F --- 2008-11-24 08:08:53
So...who wants to play TF2 with me?
|
Senior Member
|
3. December 2008 @ 05:58 |
Link to this message
|
Hey proxyRAX
You managed to get even more infected....
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
Open Notepad and copy/paste the text in the code box below into it:
File::
e:\documents and settings\monkey\12273052223696.exe
e:\documents and settings\monkey\12272702421468.exe
e:\documents and settings\monkey\12272289153104.exe
e:\documents and settings\monkey\1227228530280.exe
e:\documents and settings\monkey\12272274383124.exe
e:\recycler\S-1-5-21-0865879383-2990170196-581310326-8476\winigon.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aed31714-ad57-11dd-a903-001f1f1fd953}]
- Save this as CFScript.txt in the same folder as ComboFix.
- Then drag the CFScript.txt into Combo-Fix.exe as shown in the picture below.
- This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).
Do not click on the ComboFix window, as it may cause it to stall.
Any more problems?
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
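
As an added example (not part of the thread, and not ComboFix's or the helper's own method), the script below shows one way to triage the "Reg Loading Points" section of a ComboFix log like the one posted above. The two heuristics, the `Finding` type and the `triage` function are assumptions of this example; the sample lines are excerpted from that log.

```python
import re
from typing import NamedTuple

# Excerpt of the "Reg Loading Points" section, copied from the log posted above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program files\steam\steam.exe" [2008-10-25 1410296]
"ctfmon.exe"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"="e:\recycler\S-1-5-21-0865879383-2990170196-581310326-8476\winigon.exe" [2008-11-17 72704]
"Fraps"="e:\fraps\FRAPS.EXE" [2008-01-14 3182248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"P17Helper"="P17.dll" [2005-05-03 e:\windows\system32\P17.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04cb0c50-a488-11dd-bd69-001f1f1fd953}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aed31714-ad57-11dd-a903-001f1f1fd953}]
\Shell\Auto\command - servver.exe
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL servver.exe
'''


class Finding(NamedTuple):
    severity: str  # "suspicious" = matches a heuristic, "review" = needs a human look
    key: str       # registry key the entry was listed under
    name: str      # Run value name, or the shell verb for MountPoints2 entries
    target: str    # program path or command line that would be started
    reason: str


# [HKEY_...\...] section header
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# "ValueName"="target" [date size] as ComboFix renders a Run value
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"')
# \Shell\<verb>\command - <command line> under a MountPoints2 volume key
SHELL_RE = re.compile(r'^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$', re.I)


def triage(log_text):
    """Return findings for autostart entries worth a closer look.

    Heuristic 1 (assumption of this example): a Run value that starts a
    program from inside a Recycle Bin folder is flagged, because nothing
    is normally installed there.
    Heuristic 2 (assumption of this example): every per-volume autorun
    command under MountPoints2 is listed for review, since it runs when
    that drive is opened; some are legitimate vendor setup launchers.
    """
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        low_key = key.lower()

        m = VALUE_RE.match(line)
        if m and low_key.endswith(r"\currentversion\run"):
            target = m.group("target")
            if "\\recycler\\" in target.lower():
                findings.append(Finding("suspicious", key, m.group("name"),
                                        target, "autostart from a Recycle Bin folder"))
            continue

        m = SHELL_RE.match(line)
        if m and "\\explorer\\mountpoints2\\" in low_key:
            findings.append(Finding("review", key, m.group("verb"),
                                    m.group("cmd"), "drive autorun command"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}: {f.name} -> {f.target}\n    {f.key}")
```
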

|
proxyRAX
Junior Member
|
4. December 2008 @ 01:19 |
Link to this message
|
That is interesting...
There aren't any apparent hangups. I'll post the log in a sec. It is running now on the other computer.
EDIT::
ComboFix 08-11-18.04 - monkey 2008-12-04 1:18:20.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2624 [GMT -5:00]
Running from: e:\documents and settings\monkey\My Documents\Downloads\ComboFix.exe
Command switches used :: e:\documents and settings\monkey\My Documents\Downloads\CFScript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
FILE ::
e:\documents and settings\monkey\12272274383124.exe
e:\documents and settings\monkey\1227228530280.exe
e:\documents and settings\monkey\12272289153104.exe
e:\documents and settings\monkey\12272702421468.exe
e:\documents and settings\monkey\12273052223696.exe
e:\recycler\S-1-5-21-0865879383-2990170196-581310326-8476\winigon.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\monkey\12272274383124.exe
e:\documents and settings\monkey\1227228530280.exe
e:\documents and settings\monkey\12272289153104.exe
e:\documents and settings\monkey\12272702421468.exe
e:\documents and settings\monkey\12273052223696.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-11-28 18:52 . 2008-11-28 18:55 <DIR> d-------- e:\documents and settings\monkey\Application Data\vlc
2008-11-28 18:51 . 2008-11-28 18:51 <DIR> d-------- e:\program files\VideoLAN
2008-11-27 14:45 . 2008-11-27 14:45 <DIR> d-------- e:\windows\LastGood
2008-11-24 19:07 . 2008-11-24 19:07 <DIR> d-------- e:\windows\Sun
2008-11-24 18:41 . 2008-11-24 18:41 <DIR> d-------- e:\program files\CodeBlocks
2008-11-24 18:40 . 2008-11-24 18:41 <DIR> d-------- e:\program files\Celestia
2008-11-23 07:15 . 2008-10-16 14:06 268,648 --a------ e:\windows\system32\mucltui.dll
2008-11-23 07:15 . 2008-10-16 14:06 208,744 --a------ e:\windows\system32\muweb.dll
2008-11-23 07:15 . 2008-10-16 14:06 27,496 --a------ e:\windows\system32\mucltui.dll.mui
2008-11-23 07:04 . 2006-10-26 19:56 32,592 --a------ e:\windows\system32\msonpmon.dll
2008-11-23 07:03 . 2008-11-23 07:03 <DIR> d-------- e:\program files\MSBuild
2008-11-23 07:03 . 2008-11-23 07:03 <DIR> d-------- e:\program files\Microsoft Works
2008-11-23 07:02 . 2008-11-23 07:02 <DIR> d-------- e:\program files\Microsoft.NET
2008-11-23 06:59 . 2008-11-23 06:59 <DIR> d-------- e:\program files\Microsoft Visual Studio 8
2008-11-23 06:58 . 2008-11-23 07:03 <DIR> d-------- e:\windows\SHELLNEW
2008-11-23 06:58 . 2008-11-23 06:58 <DIR> dr-h----- E:\MSOCache
2008-11-23 06:58 . 2008-11-24 03:08 <DIR> d-------- e:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-22 12:36 . 2008-11-22 12:36 <DIR> d-------- e:\program files\XP Codec Pack
2008-11-22 12:36 . 2008-07-09 03:05 421,888 --a------ e:\windows\system32\ac3filter.acm
2008-11-21 17:08 . 2008-11-21 17:08 <DIR> d-------- e:\program files\Common Files\xing shared
2008-11-20 17:25 . 2008-11-20 17:25 102,427 --a------ e:\windows\system32\msvcrt2.dll
2008-11-18 19:31 . 2008-11-18 19:31 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware
2008-11-18 19:31 . 2008-11-18 19:31 <DIR> d-------- e:\documents and settings\monkey\Application Data\Malwarebytes
2008-11-18 19:31 . 2008-11-18 19:31 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-18 19:31 . 2008-10-22 16:10 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2008-11-18 19:31 . 2008-10-22 16:10 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2008-11-18 17:14 . 2008-11-18 17:14 <DIR> d-------- e:\documents and settings\Administrator
2008-11-17 21:54 . 2008-11-17 21:54 <DIR> d-------- e:\program files\Sun
2008-11-17 21:54 . 2008-11-17 21:54 410,976 --a------ e:\windows\system32\deploytk.dll
2008-11-17 21:54 . 2008-11-17 21:54 73,728 --a------ e:\windows\system32\javacpl.cpl
2008-11-17 21:53 . 2008-11-17 21:54 <DIR> d-------- e:\program files\Java
2008-11-17 19:10 . 2008-11-17 19:10 <DIR> d-------- e:\documents and settings\monkey\.idlerc
2008-11-17 18:45 . 2008-11-17 18:45 <DIR> d-------- e:\program files\Python
2008-11-14 00:00 . 2008-11-14 00:00 <DIR> d-------- e:\program files\Microsoft Reader
2008-11-14 00:00 . 2003-06-05 17:15 57,436 --a------ e:\windows\DASShp.dll
2008-11-11 23:23 . 2008-09-04 12:15 1,106,944 --a------ e:\windows\system32\SET29.tmp
2008-11-11 23:23 . 2008-09-04 12:15 1,106,944 -----c--- e:\windows\system32\dllcache\msxml3.dll
2008-11-11 23:23 . 2008-10-24 06:21 455,296 -----c--- e:\windows\system32\dllcache\mrxsmb.sys
2008-11-05 21:13 . 2008-11-05 21:13 <DIR> d-------- E:\Nexon
2008-11-05 21:13 . 2008-11-05 21:15 <DIR> d-------- e:\documents and settings\All Users\Application Data\NexonUS
2008-11-04 15:03 . 2008-04-13 14:40 43,904 --a------ e:\windows\system32\drivers\sbp2port.sys
2008-11-04 15:03 . 2008-04-13 14:40 43,904 --a--c--- e:\windows\system32\dllcache\sbp2port.sys
2008-11-04 13:25 . 2008-11-04 13:25 <DIR> d-------- e:\documents and settings\All Users\Application Data\Acronis
2008-11-04 13:20 . 2008-11-04 13:20 <DIR> d-------- e:\program files\Common Files\Acronis
2008-11-04 11:37 . 2008-11-04 11:37 <DIR> d-------- e:\program files\Acronis
2008-11-04 11:37 . 2008-11-04 11:37 114,048 --a------ e:\windows\system32\drivers\snapman.sys
2008-11-04 11:28 . 2008-11-04 11:43 <DIR> d-------- e:\documents and settings\monkey\Application Data\InfraRecorder
2008-11-04 11:27 . 2008-11-04 11:27 <DIR> d-------- e:\program files\InfraRecorder
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 06:13 --------- d-----w e:\documents and settings\monkey\Application Data\uTorrent
2008-12-04 01:24 --------- d-----w e:\program files\Steam
2008-12-02 04:49 137,688 ----a-w e:\windows\system32\drivers\PnkBstrK.sys
2008-12-02 04:48 202,040 ----a-w e:\windows\system32\PnkBstrB.exe
2008-11-30 18:16 --------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2008-11-21 22:08 348,160 ----a-w e:\windows\system32\msvcr71.dll
2008-11-21 22:08 --------- d-----w e:\program files\Common Files\Real
2008-11-20 05:51 --------- d-----w e:\documents and settings\monkey\Application Data\Apple Computer
2008-11-18 22:15 14,336 ----a-w e:\windows\system32\svchost.exe
2008-11-18 05:10 --------- d-----w e:\program files\PeerGuardian2
2008-11-14 05:00 --------- d--h--w e:\program files\InstallShield Installation Information
2008-11-04 00:33 107,888 ----a-w e:\windows\system32\CmdLineExt.dll
2008-11-03 00:38 --------- d-----w e:\program files\Audacity
2008-11-02 15:06 --------- d-----w e:\program files\NeoSmart Technologies
2008-11-02 14:41 --------- d-----w e:\program files\Network Stumbler
2008-11-02 14:37 --------- d-----w e:\program files\Autodesk
2008-11-02 14:36 --------- d-----w e:\program files\Common Files\Autodesk Shared
2008-11-02 14:36 --------- d-----w e:\program files\Common Files\Alias Shared
2008-11-01 17:43 --------- d-----w e:\program files\DataCache
2008-11-01 15:57 49,152 ----a-w e:\windows\system32\md5sum.exe
2008-11-01 15:45 --------- d-----w e:\documents and settings\monkey\Application Data\mIRC
2008-10-30 00:22 319,488 ----a-w e:\windows\HideWin.exe
2008-10-30 00:22 --------- d-----w e:\program files\Realtek
2008-10-29 01:34 --------- d-----w e:\program files\Common Files\Adobe
2008-10-29 01:31 --------- d-----w e:\documents and settings\All Users\Application Data\Adobe Systems
2008-10-29 01:30 --------- d-----w e:\program files\Common Files\Adobe Systems Shared
2008-10-29 01:19 --------- d-----w e:\program files\Common Files\Adobe AIR
2008-10-28 22:42 --------- d-----w e:\documents and settings\monkey\Application Data\Media Player Classic
2008-10-28 05:02 --------- d-----w e:\program files\Bethesda Softworks
2008-10-28 04:28 --------- d-----w e:\documents and settings\monkey\Application Data\InstallShield Installation Information
2008-10-28 04:14 --------- d-----w e:\program files\Unreal Tournament 3
2008-10-28 04:14 --------- d-----w e:\program files\AGEIA Technologies
2008-10-28 04:13 --------- d-----w e:\program files\Common Files\Wise Installation Wizard
2008-10-28 01:10 --------- d-----w e:\program files\iTunes
2008-10-28 01:10 --------- d-----w e:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-28 01:09 --------- d-----w e:\program files\QuickTime
2008-10-28 01:09 --------- d-----w e:\program files\iPod
2008-10-28 01:09 --------- d-----w e:\program files\Common Files\Apple
2008-10-28 01:09 --------- d-----w e:\program files\Bonjour
2008-10-28 01:09 --------- d-----w e:\program files\Apple Software Update
2008-10-28 01:09 --------- d-----w e:\documents and settings\All Users\Application Data\Apple Computer
2008-10-28 01:09 --------- d-----w e:\documents and settings\All Users\Application Data\Apple
2008-10-28 00:41 --------- d-----w e:\program files\AbiSuite2
2008-10-26 13:05 --------- d-----w e:\program files\DAEMON Tools Lite
2008-10-26 04:04 --------- d-----w e:\program files\GameSpy
2008-10-26 03:59 22,328 ----a-w e:\documents and settings\monkey\Application Data\PnkBstrK.sys
2008-10-26 03:58 669,184 ----a-w e:\windows\system32\pbsvc.exe
2008-10-26 03:58 --------- dc-h--w e:\documents and settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2008-10-26 03:41 717,296 ----a-w e:\windows\system32\drivers\sptd.sys
2008-10-26 03:41 --------- d-----w e:\program files\Electronic Arts
2008-10-26 03:41 --------- d-----w e:\documents and settings\monkey\Application Data\DAEMON Tools
2008-10-26 02:44 --------- d-----w e:\program files\Opera
2008-10-26 02:44 --------- d-----w e:\program files\Common Files\InstallShield
2008-10-26 01:08 66,872 ----a-w e:\windows\system32\PnkBstrA.exe
2008-10-26 00:48 --------- d-----w e:\program files\Logitech
2008-10-26 00:48 --------- d-----w e:\program files\Common Files\Logitech
2008-10-26 00:48 --------- d-----w e:\documents and settings\All Users\Application Data\Logitech
2008-10-26 00:42 --------- d-----w e:\documents and settings\monkey\Application Data\Viewpoint
2008-10-26 00:36 --------- d-----w e:\program files\Alwil Software
2008-10-26 00:11 --------- d-----w e:\program files\Activision
2008-10-25 23:15 --------- d-----w e:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-25 22:53 --------- d-----w e:\program files\CCleaner
2008-10-25 21:57 --------- d-----w e:\documents and settings\All Users\Application Data\Creative
2008-10-25 21:35 --------- d-----w e:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-25 21:23 --------- d-----w e:\documents and settings\monkey\Application Data\Binary Fortress Software
2008-10-25 21:20 --------- d-----w e:\program files\KellySoftware
2008-10-25 21:20 --------- d-----w e:\program files\DisplayFusion
2008-10-25 21:06 --------- d-----w e:\program files\Creative
2008-10-25 20:31 --------- d-----w e:\documents and settings\monkey\Application Data\ATI
2008-10-25 20:31 --------- d-----w e:\documents and settings\All Users\Application Data\ATI
2008-10-25 20:28 --------- d-----w e:\program files\ATI Technologies
2008-10-25 20:26 --------- d-----w e:\program files\Common Files\ATI Technologies
2008-10-25 20:25 --------- d-----w e:\program files\Viewpoint
2008-10-25 20:25 --------- d-----w e:\program files\uTorrent
2008-10-25 20:25 --------- d-----w e:\program files\Common Files\AOL
2008-10-25 20:25 --------- d-----w e:\program files\AIM6
2008-10-25 20:25 --------- d-----w e:\documents and settings\monkey\Application Data\acccore
2008-10-25 20:25 --------- d-----w e:\documents and settings\All Users\Application Data\Viewpoint
2008-10-25 20:25 --------- d-----w e:\documents and settings\All Users\Application Data\AOL OCP
2008-10-25 20:25 --------- d-----w e:\documents and settings\All Users\Application Data\AOL
2008-10-25 20:25 --------- d-----w e:\documents and settings\All Users\Application Data\acccore
2008-10-25 19:39 21,275 ----a-w e:\windows\system32\drivers\AegisP.sys
2008-10-25 19:38 --------- d-----w e:\program files\RALINK
2008-10-25 19:32 155,995 ----a-w e:\windows\java\Packages\2PNJ3F7F.ZIP
2008-10-25 19:28 --------- d-----w e:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w e:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w e:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w e:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w e:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w e:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w e:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w e:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w e:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w e:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w e:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w e:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w e:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Aim6"="e:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"Google Update"="e:\documents and settings\monkey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-25 133104]
"Steam"="e:\program files\steam\steam.exe" [2008-10-25 1410296]
"ctfmon.exe"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DisplayFusion"="e:\program files\DisplayFusion\DisplayFusion.exe" [2008-04-27 548528]
"EA Core"="e:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Comrade.exe"="e:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Fraps"="e:\fraps\FRAPS.EXE" [2008-01-14 3182248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"CTSysVol"="e:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"Launch LCDMon"="e:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 774168]
"Launch LGDCore"="e:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 1132056]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"OSSelectorReinstall"="e:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2008-11-17 136600]
"TkBellExe"="e:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-21 185872]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"P17Helper"="P17.dll" [2005-05-03 e:\windows\system32\P17.dll]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 e:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 e:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 e:\windows\alcwzrd.exe]
e:\documents and settings\monkey\Start Menu\Programs\Startup\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
e:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - e:\program files\RALINK\Common\RaUI.exe [2008-10-25 614400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3kaxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\Steam\\SteamApps\\ichigomonkey\\team fortress 2\\hl2.exe"=
"e:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe"=
"e:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"e:\\Nexon\\Combat Arms\\NMService.exe"=
"e:\\Program Files\\Steam\\SteamApps\\ichigomonkey\\source 2007 dedicated server\\srcds.exe"=
"e:\\Program Files\\Steam\\SteamApps\\ichigomonkey\\counter-strike source\\hl2.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead demo\\left4dead.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008-10-25 78416]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-25 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"e:\program files\Viewpoint\Common\ViewpointService.exe" [2008-10-25 24652]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;e:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S0 ati3kaxx;ati3kaxx;e:\windows\system32\Drivers\ati3kaxx.sys []
S3 ALSysIO;ALSysIO;\??\e:\docume~1\monkey\LOCALS~1\Temp\ALSysIO.sys []
S3 cpuz130;cpuz130;\??\e:\docume~1\monkey\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\e:\windows\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 WinRing0_1_1_1;WinRing0_1_1_1;\??\e:\documents and settings\monkey\My Documents\Downloads\RealTemp_2.70\RealTemp_2.70\WinRing0.sys [2008-11-04 13904]
S4 hpt3xx;hpt3xx; []
*Newly Created Service* - SYSMONLOG
.
Contents of the 'Scheduled Tasks' folder
2008-12-02 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-04 e:\windows\Tasks\GoogleUpdateTaskUser.job
- e:\documents and settings\monkey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-25 15:33]
2008-12-03 e:\windows\Tasks\User_Feed_Synchronization-{1047BDD1-3F1B-4970-8459-8040651C244F}.job
- e:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 01:19:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
e:\program files\uTorrent\uTorrent.exe [3816] 0x892DB798
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-04 1:22:36
ComboFix-quarantined-files.txt 2008-12-04 06:22:34
ComboFix2.txt 2008-12-03 03:45:50
ComboFix3.txt 2008-11-19 04:56:23
Pre-Run: 550,984,409,088 bytes free
Post-Run: 550,973,698,048 bytes free
280 --- E O F --- 2008-11-24 08:08:53
This message has been edited since posting. Last time this message was edited on 4. December 2008 @ 01:27
|
Senior Member
|
6. December 2008 @ 02:32 |
Link to this message
|
Hey proxyRAX
Now you look clean. Any more problems?
Please find this folder C:\Qoobox, zip it up, and upload it to http://www.uploadmalware.com/
Best Regards :D

|
proxyRAX
Junior Member
|
7. December 2008 @ 00:49 |
Link to this message
|
Nope, thanks a lot for the help. Much appreciated. =]]
|
Senior Member
|
7. December 2008 @ 03:26 |
Link to this message
|
Hey proxyRAX
You're welcome.
Best Regards :D

|
|