My antivirus is Avira AntiVir Personal. I used the most updated version (July 4).
Here is my Malwarebytes log:
Malwarebytes' Anti-Malware 1.38
Database version: 2369
Windows 5.1.2600 Service Pack 2
7/4/2009 1:32:41 PM
mbam-log-2009-07-04 (13-32-34).txt
Scan type: Full Scan (C:\|)
Objects scanned: 181367
Time elapsed: 51 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.
And here is my HST log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:36 PM, on 7/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\BrownSW\VPNCLN~1\INSTAL~1.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: IDXHlprObj Class - {31816979-F864-4acf-919F-D0B3B56432E6} - C:\Program Files\IDX Web Desktop\IDXIEController.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DictateBHO - {E12A882B-F14F-4440-9BC0-84A5EB766605} - C:\WINDOWS\Downloaded Program Files\DictateBar.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: TouchWorks Dictate - {6F60C5C5-61B3-4378-8902-ED9497663AC9} - C:\WINDOWS\Downloaded Program Files\DictateBar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [] C:\Documents and Settings\vtewari\.exe /i
O4 - HKCU\..\Run: [vtewari] C:\Documents and Settings\vtewari\vtewari.exe /i
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [jegosabahi] Rundll32.exe "C:\WINDOWS\system32\yeyatene.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} (Engine Class) - /Touchworks/AHSCompressionEngine.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} (IDXssl Class) - http://emr.bgpma.com...IDXM/idxssl.cab
O16 - DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} (WAVSCtl.WAVitalSignsCtl) - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab
O16 - DPF: {46965FE7-2129-407B-938C-BE358A56D11E} (AICViewer.Viewer) - /touchworks/docworks/chworks/note/aicviewer3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229557813171
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.14.142.downloads.estara.com...227562OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232477913984
O16 - DPF: {77C84519-8818-4E32-9540-653A9905C9F6} (DictationController Class) - http://tw.bgpma.com/...nController.cab
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl) - /TouchWorks/Common/Components/AtalaSoft/ImgX61.cab
O16 - DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} (Pesgoa Control) - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
O16 - DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} (Flowcast LDAP Class) - http://emr.bgpma.com...lowcastLDAP.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} (DictionaryManager.Dictionary) - /Touchworks/DictionaryManager.CAB
O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} (WSpell Spelling Checker Control) - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
O16 - DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} (IDX TermWin Control) - http://emr.bgpma.com...CW/IDXM/icw.CAB
O16 - DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} (TWRTFControl) - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
O16 - DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} (DictateBandInstaller) - https://tw.bgpma.com.../DictateBar.cab
O16 - DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} (IDXcsvr Control Class) - http://emr.bgpma.com...DXM/idxcsvr.cab
O16 - DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} (AIC_ViewerAS2.Viewer) - /TouchWorks/docworks/chworks/note/aic_viewer2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bgpma.com
O17 - HKLM\Software\..\Telephony: DomainName = bgpma.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC}: NameServer = 202.149.208.92,202.149.208.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bgpma.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bgpma.com
O18 - Filter hijack: text/html - {b9dfea23-651b-4b7e-bf9a-3936ff1c819f} - (no file)
O20 - AppInit_DLLs: ytvrlh.dll KATRACK.DLL zvmwsm.dll sofduk.dll zdcfil.dll
O23 - Service: Application Layer Gateway Service ALGSharedAccess (ALGSharedAccess) - Unknown owner - C:\WINDOWS\system32\advpackx.exe (file missing)
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\BrownSW\VPNCLN~1\INSTAL~1.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 16271 bytes
Thank you so much for your help
#1
Posted 04 July 2009 - 05:39 PM
#2
Posted 06 July 2009 - 02:45 AM
Is this a work computer and part of the Domain bgpma.com ?
Did you or your IT Dept set these DNS Server entries: 202.149.208.92,202.149.208.11?
STEP 01
With all other applications closed (Taskbar empty), open HijackThis again and run "Do a system scan only" and place a check mark on the following items.
- R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
- R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
- O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
- O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
- O4 - HKCU\..\Run: [] C:\Documents and Settings\vtewari\.exe /i
- O4 - HKCU\..\Run: [vtewari] C:\Documents and Settings\vtewari\vtewari.exe /i
- O4 - HKUS\S-1-5-19\..\Run: [jegosabahi] Rundll32.exe "C:\WINDOWS\system32\yeyatene.dll",s (User 'LOCAL SERVICE')
- O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
- O18 - Filter hijack: text/html - {b9dfea23-651b-4b7e-bf9a-3936ff1c819f} - (no file)
- O20 - AppInit_DLLs: ytvrlh.dll KATRACK.DLL zvmwsm.dll sofduk.dll zdcfil.dll
Then Quit All Browsers including the one you're reading this in now.
Then click on Fix checked and then quit HJT
STEP 02
Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program
Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe
Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Click Yes to allow ComboFix to continue scanning for malware.
- When the tool is finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
#3
Posted 07 July 2009 - 12:43 AM
Thank you so much for your message. It is a work computer that is part of the bgpma.com domain.
Here is my ComboFix.txt :
ComboFix 09-07-06.02 - vtewari 07/06/2009 20:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.626 [GMT -4:00]
Running from: c:\documents and settings\vtewari\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-1398234865
c:\documents and settings\All Users\Application Data\13B5E8A1.exe
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4891FE67-87A4-483B-A7E4-D7CACF6F0E28}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{492DB771-64FD-4800-A226-C34FA99429F4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4A19EA0A-E557-4C44-88B6-1B22D01A4F56}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4A307AEA-BA37-417A-8AA1-0EDEDC1FD199}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4A7DB28A-4A3D-4BA9-9F11-A3732C9B2509}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4AFCC474-6AFC-45AE-A74A-5460284A9DEC}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4B5CD0FD-BBAA-4057-BDEF-B85F72EB5599}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4C053A06-A917-4E83-AAC8-489A41B1E803}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4C289E8B-72CA-4612-AC64-16ECF0BD8F54}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4C7B62FB-6815-467C-B6D0-467C644B97A0}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4CB5CC86-311D-4A1B-B5C6-F12817BB9F8F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4D659318-0737-41E6-828C-05212A74F261}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4F76E7B4-D8B0-4CD4-BEE5-5E7EA51E7ACF}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{50CE66E5-D096-4020-8013-93D21D642267}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{52F24EED-3604-457B-ABFA-004FF8B5CF4A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{534C9310-6401-4555-956D-BB37AE91F54E}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{54336CA0-7421-4777-AC21-6498110328A8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{55D92F5C-1E39-4873-8395-B3DA819EEA18}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{562AC82F-A4AA-4FDC-AE25-3FDC62D8D710}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{56C80657-E5F0-40D1-AEBF-F8558EB76C46}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{58431356-99D1-4113-B86D-84E6E5AB702F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{58908418-7A35-41D0-BC49-95BE4656E77A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{58D0D90C-04FB-4548-B605-DBC0B6400579}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5A361BE0-1FC9-421E-AD5A-67483803271C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5A433DD2-DBED-4446-8AFB-FE2CFC2E3FEF}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5BA79241-6263-43EA-B03F-5722F5076E92}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5BFED51A-CD2E-4F61-9537-FAA8372CC13A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5C5A2CED-B42B-41BD-88C7-5BDDFF287BBF}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5D5FBD94-85DB-4CCB-B3E5-46DDA18797A0}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5DBF80A4-6AAA-42D6-844F-2EFA52F1B107}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5F470A54-25D5-4602-B0B3-30E75AE51761}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5FADCA06-A959-4781-94DA-E1FD2F081B04}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6065A0E6-18A2-41A4-B488-C538DEC148E6}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{62CD3FF4-E2D6-467D-9435-51F0988D3178}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{63709F8A-2A42-4DE3-8D1A-EF553ABD8105}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6378A53E-FEA1-47D6-86C1-7DE4AA50832C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6395F99C-4018-4B4E-987D-D98538CA51C5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{63E395FD-8C37-435A-9C03-6EA09BCF4C0C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{64807461-7494-4A7A-8096-DE1D294D241E}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{64DE09DA-9B57-4E7B-9DF1-E29218E14EE7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{679D5051-41C7-48FB-A52B-95CA73959D3E}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6873D373-0095-4BE6-8602-FD4E09B183CF}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6A20C3EF-919D-44E7-AA6A-5828BD82EF90}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6AE3D9AC-9D10-478A-A1F8-418853859D57}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6B660FE8-C9F0-4D22-9AF2-74E16B0C0619}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6CCF6463-F18C-42AD-B41D-AA8816862D7E}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6D3D1227-2D57-4F5D-B8E3-AA7F89AEB4F7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6D83E8E0-E00E-4E88-B14B-96264EB79107}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6E632EFF-2103-44FE-8A1B-17B66FF77A88}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6EC0622C-8D55-457E-9E92-C24D345A63B0}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6FBC910D-15C1-473D-85A0-C5F9228C17D4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{70714DD8-1D51-47B6-B63F-A6EDB7B66291}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{70C5F7ED-48F9-4C00-A274-3E557DA77915}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{70FE31AF-6FB1-4CDD-A460-29F5FE9236D0}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{711F3DAC-1666-470D-AA8F-2CFA474E76C6}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{71E0FA53-C96B-408A-96D6-62EBAAE05F8E}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{72433408-AED1-480A-AE23-E8C91AE691C5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{72D173F9-EFBB-499F-935D-107E61E2E9D5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{72EA8E90-CD35-44BA-9365-5D6744750793}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{739B62C8-76A4-404E-B9AF-250A710EF839}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{74769858-1FF9-419D-8B4D-1AFFCBEE40E5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{74828E3E-B4EA-482C-8278-BBAD9D751A17}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{74A10724-0153-478E-88F7-C71CF164B556}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{758E33F7-05FA-4336-B3A0-C153EB871A21}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{77E57209-56E3-43A3-8EA1-E3C699792091}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7874163B-39A3-4F16-9D5B-E9823A811328}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{78B41F84-826B-4EAF-AA21-F88E80E3F9A7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7981C931-93C8-4C46-B472-09F5D95D24C3}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7AC924CA-0510-4CF6-A6DE-D6A7BDBBE9B8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7B262F2D-68CB-4A8D-9E06-7A456A3C7D62}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7B791AE1-6D63-4A66-B51D-0B769BCFECE9}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7BE65B15-D508-4DF8-8B39-98F54C2ACD17}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7D77E815-716F-4A6D-9675-8F385A2D0E8C}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7D842E1B-4C13-415D-90C4-55EEEE9C3C69}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7E22F450-BEAC-47CC-A7C0-C6396986CC51}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7E94B200-B5AD-433E-92B0-F0F7B83EADF2}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7F5923F0-D1F3-4B12-827D-F2D0D0F84100}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7FDAF9EF-4213-48BA-AF5E-BC6A20CF53BF}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{804DD6D7-D762-48BB-AD67-66C4BCE61CF2}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{80B5AA1A-B11B-4FE2-B11A-3406B79933C2}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{81251391-A16F-40F0-98C5-19D91046BB67}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{82B266E9-E86D-479F-A86B-1B984BF83CC2}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{830D9D91-FCFC-4A97-A1DE-961F666241F7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{83236231-EC45-4741-9819-A51EC0D22173}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{857E6C60-B3C6-48FA-B633-B10D7EFC9E12}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{86F1B9AB-9CD8-4176-A0A3-647E382105B6}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{86FF82AD-09F3-4C47-B7D6-37BF66B0C525}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8705A7CE-F411-4F3F-A602-99207981C03E}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{875922B2-DBF6-4CF3-8C2F-9527C51DBE7E}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{87EB5630-C02B-4DA1-AD17-D71EB1B2E9B8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{896E503B-3E07-4719-8298-E159FF310D4C}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{89A5F723-B3FE-4237-8632-624F0CBA7670}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{89FE48D6-8ECC-4F73-8477-EFEF94A47D1C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8A50AB12-65C4-4EF5-9D33-176DD919CCF4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8BFBF8F8-57C6-4AA0-AF18-85DCFF4DD58F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8D6F3F53-2D33-4E11-AFA1-D9122AE6D95A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8E90EEAD-8212-44D4-B6A3-24BA73047DFF}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8EA64903-D940-43BD-8D67-5D56A7FC292F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8FC90F8B-936F-43A4-8896-15F946B3D456}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{90FA57B1-B755-43BE-92A0-734829397A86}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{927730F3-8979-4F91-B34C-36A6D8FEB197}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{936C6EFD-D164-4467-9B96-B689288CFE13}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{939C0A7D-6FDD-49B5-B028-39CF2DC9EF1D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{93BA648D-4D12-4493-8C8E-198F69003854}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{93CCC2FC-570B-40DE-A907-D9F95938CEDC}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{959D8A96-C262-43DC-9BFC-BD08333969A9}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{96440AD0-4E6E-41EE-8554-C872D79D9022}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{969DCFA1-394F-406B-84E5-E61D76EDEECD}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9797AED5-76DD-4E78-908A-B544201121B3}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{98396DDA-CF11-4302-8215-BA8120B5DA19}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{98A3C4DE-DBA6-4C0D-8DDB-74C15E0A6B8E}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{98FD387D-166E-422F-B91D-26E1CB0D8280}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{993DAE10-10D0-4131-AAE8-C512B10713B7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9B0B61ED-4748-490A-8DAC-09B2D7A684D5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9C4A0C62-B92A-4742-ACDE-C635BABDE7AD}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9C80058F-C21F-4C1C-B176-146AB674E21D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9D6D56E0-9E0F-4F7C-937E-DA8DEA57C211}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9D92C13E-F779-473A-A030-2A0428A54782}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9DB354A5-1DE2-42D6-A9C3-ABB392B81288}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9DDA5E25-7A9E-4833-8DB8-03B8B2F3BAA1}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9E68916F-46C0-46DA-92F7-74F34A76893C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9ED484FF-7E15-40F8-81CE-27C99D346B35}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9F499E7E-5900-4F3C-A577-57A2ED232029}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A17CDAEC-6615-4B1C-AA27-C1C52442C7E3}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A197085F-6871-484C-8B05-DE43C6D914FC}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A21AE1A2-0E33-4ED9-885B-633FF46B0A04}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A2CCDCB1-A499-4E0A-8E79-9D71C2A21C8C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A39ABF35-4BDE-46CE-876B-BD4C5FC96CC7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A39BF21F-A764-45C1-8F1D-CA4EE86FB8F0}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A43EA216-4E67-4BC3-B650-CD317DAB9D5F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A4612DAF-D6CA-497C-B500-10C8BA726001}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A4AFCA9E-1596-4B47-8C27-413779938714}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A50DBD74-9558-4772-A1B7-1E3529B074E5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A5365AC5-5DE2-4C50-85A2-59C51D9BC740}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A58A6264-9E95-4132-B94F-4A1222C9741D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A5B64A85-FCD1-4828-815B-762D70EE547F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A5C88E5B-89EF-4914-B7B0-8D183C1B1509}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A5F8C5CD-A2D3-440D-B513-1DD8FE89F424}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A625F791-D329-4166-8E5C-143F8EF7DA6D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A72543EC-2538-45A8-8F05-ED6CFFA6F7AC}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A93E66AB-D324-44C0-A56E-9AA4C1C4BF9A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A9B28D64-4686-4908-9D35-4F863AB8658E}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AB71F5CB-4EA4-44DD-A998-42CEF3989D1B}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AC0C7551-1A0C-4EB5-84B2-E08911BAE550}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AC812428-006B-4AF4-81F5-B0A4F8387882}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{ACF56F86-2E0F-4D68-B51F-D217E1572138}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AEEF3AED-D56D-43D8-8953-5974678CF215}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AEF6A5AB-6583-4DC8-9D20-FD47C658D585}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF115377-4251-4238-A0CA-FF3FE9D2D109}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF26A0CE-3985-48A7-9190-2987446D2307}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF5E112D-3949-4AA1-BD0D-C81D2ED05F96}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF5E1704-476F-4964-86A8-1D9F917000FE}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AFB4B228-9025-4631-B6F6-0539B9095016}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B1049DF0-04C7-4A7C-A7DB-4F15B05000A5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B2267AD6-246B-46CF-8859-9FB7AB03A08D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B257C6A8-E80F-4F76-86A6-884B6830EED1}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B26AA993-82CB-4AF1-8E67-58B3621368D9}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B26B54E7-D238-4E64-B173-BABBC3AC51F5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B2C726B2-31C0-49F7-A5C8-84C003DBF2F5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B3940A87-3BE8-4BCA-9C8C-877D9BC66F18}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B4A0058E-BF67-4060-942B-F7B4F6F4216A}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B576FB1E-F851-4F9F-9EF4-57481A18E4E4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B5A0664C-2554-4460-97BB-F46BA27C5EE3}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B667CE22-14D4-4A4D-A556-72831B6022BB}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B85B1533-C8DB-40F9-BAF7-AC9A426407B8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B9AE93BC-26BA-43B9-8212-0162A97B30A8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BA0F0FFB-C0D6-4AC8-A113-4A0FE2F3BF65}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BA427AE0-6535-40D2-B154-18FB7EC7C3CD}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BAD64514-DBC5-438D-B33F-9F56431EF112}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BCD54A82-6F1F-4EBD-B2A6-6F043DFC0EE4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BCDD7B0B-7650-4803-B6EE-E39A5DE27132}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BEC61222-5A03-4DA7-9F24-54739827EF4C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C072A14F-1ADE-493A-9FFE-DADA1A3EA84A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C0ED1A7C-8ED2-40DA-A80B-D13F5DCB9EE8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C1C6A65D-2982-4713-A037-A1863868CE1D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C34186A1-8120-4F8E-8139-8D57A56980E0}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C4519FE7-68F1-4C7E-830A-EC859D482182}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C670C825-CCDE-4025-95DD-D73D02FBF610}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C686E537-4AE1-4F50-948F-6AC9878F4C97}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C70111F6-2B52-485A-8C43-212167932D28}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C732CBEF-C88D-464F-AF46-AF0B5BC58264}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C76909D0-7073-4599-91BF-301DB1CCDF32}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C76B5FC4-81D8-4C46-9080-FDA757C11825}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C80FBEFE-9255-41B7-8293-A70F6F193083}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C94F23E0-15A5-4A00-929D-BAF174E157DD}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CA348364-002E-4FCB-8619-C35EBCBDE5A5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CA9104DE-0884-4A8C-9363-E7A6922D500B}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CA930EA9-C214-4239-8FF8-A8F11BE99919}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CAE7414F-615B-4DB0-9271-7982223FCEA8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CBF0B258-C7A6-4169-B7C5-CE96398FCA91}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CC56A505-0CA3-4045-AA0A-3F843932A7D7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CCFC982C-F863-45CC-A9C6-C6BABC0C6BB7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CD160B53-D53B-4C00-B33A-9F22CB62DAA7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CD168EE0-4D6B-4140-8061-E7B41967CE67}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CDFC076E-F0B8-4CAC-A80B-B4B27F8BC24A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CF8364B6-6298-4145-9B7B-99AC176C6835}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CF8411A9-2BBB-4181-A51B-6B70D4B6069D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CFEDC560-F294-47C2-9E27-EF7AED37AD72}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D03F7398-124C-4198-9777-3317FF1FB5DE}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D05B1BE1-6E7E-4ACD-87D7-EEDBDF2B4C89}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D1137DC6-E266-4058-A083-E62B7921B714}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D27A93F2-EBD0-4B6D-BCDE-02D0915E3D7D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D292D24E-A06E-4BCC-AFA8-225D07ECD46D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D2E1246D-6376-4F10-9D09-2142E6DBCAAA}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D3146BE6-03FA-409C-87C1-947C78D557F4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D46B0FBE-7097-4C53-AA94-B93EBE53C27F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D55829D6-9C2F-4EFA-BB84-07A0097D6B07}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D5BB6777-13ED-46F8-982B-C583D304F209}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D64E70FF-E322-442F-BA1D-F8561F5784E9}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D6CA47DF-9C42-4E26-A40D-32C8BC6F31C0}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D6FD8099-8B64-4A4F-939D-71F4DCCE4654}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D79520AC-BC34-484A-AABA-2127AD62F97A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D7F7BEF5-ABD4-4B85-AECE-2FD9E0DDB16F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D9567DFA-80A0-4A9F-A3B8-DF45A777DD6F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D994E807-6F87-46AB-A7DC-5DA8813338A4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DB0D8EEA-ED01-4877-8DFC-1D048EE6BA7A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DBC661A8-946A-46FD-9CBF-4FD5E84BF8F4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DD65758E-EE46-42C3-AE64-A5003B4C47F2}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DEE89120-9AB8-421E-8548-8228A3E8B021}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DF636ED9-3328-45DD-A069-D95AEAEF0493}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E09F6E7A-12D8-4E3A-AB2F-328D68E08DB5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E0B39F8D-2E62-4103-85AB-6D9EEC95D212}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E2383642-0F42-4718-9989-F767822E9022}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E286E750-8358-4C7C-9B87-53D2E7B6B119}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E310E16E-F719-454A-AD3D-812D45356C25}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E3AB500B-7141-4D59-BC6F-7EA628A94DEA}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E3BAAFB2-2623-4924-87C3-275882A5BD6A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E418B9AC-5C73-4FDD-AB8E-EC165A339288}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E44A1F27-918C-4800-8D1F-54BCB2F8C344}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E49AB4BB-CA7F-4A90-B775-0CB88E48F875}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E4C0FE93-7388-4DE3-B3B4-9B9B85604931}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E6570C13-C36B-4A07-803B-B3DDAD286E73}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E84FC7BB-B33F-4EEA-9F35-DEC9F49FE100}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E8B02223-EDDE-4B34-B1CE-0458C77FC2E1}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E9028390-A3E4-4EC8-8FCF-5F65E16D1728}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E95EC689-094E-4B68-8CD6-9607BFEED49D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EA620DB4-E084-4199-97BC-7FE4CAEF9C7C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EB4C93CA-A2AB-4A57-906E-CC19F6961D3D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\TempAnn.tmp
c:\program files\Common
c:\windows\Installer\522e119.msi
c:\windows\system32\drivers\aydztnlsyhzd.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSScfmm.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSlxcp.dll
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvoql.dll
c:\windows\system32\TDSSxhyf.log
c:\windows\system32\vebimayo.dll
c:\windows\TEMP\logishrd\LVPrcInj06.dll
c:\windows\wiaserviv.log
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_ACPI32
-------\Legacy_ALGSHAREDACCESS
-------\Legacy_HTPQHY
-------\Legacy_NICSK32
-------\Service_ALGSharedAccess
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.
2009-07-04 14:50 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-04 14:50 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-04 14:50 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-04 14:50 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-04 14:50 . 2009-07-04 14:50 -------- d-----w- c:\program files\Avira
2009-07-04 14:50 . 2009-07-04 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-20 12:44 . 2009-06-24 01:04 -------- d-----w- c:\program files\Family Feud II
2009-06-20 12:38 . 2009-06-20 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
2009-06-19 15:26 . 2009-06-19 15:26 1915520 ----a-w- c:\documents and settings\vtewari\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-09 19:59 . 2009-06-09 19:59 152576 ----a-w- c:\documents and settings\vtewari\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 12:22 . 2007-12-25 14:56 -------- d-----w- c:\documents and settings\vtewari\Application Data\LimeWire
2009-07-02 10:02 . 2008-07-25 17:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-20 12:38 . 2009-02-07 13:56 -------- d-----w- c:\program files\Amazon
2009-06-19 17:48 . 2008-12-13 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 17:47 . 2009-03-25 10:51 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-12-13 16:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-12-13 16:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 20:00 . 2006-10-04 14:22 -------- d-----w- c:\program files\Java
2009-05-28 22:07 . 2009-05-01 13:52 -------- d-----w- c:\documents and settings\vtewari\Application Data\gtk-2.0
2009-05-26 10:36 . 2007-10-27 14:01 -------- d-----w- c:\program files\Google
2009-05-21 15:33 . 2008-12-21 21:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 22:38 . 2007-12-29 16:33 -------- d-----w- c:\program files\LimeWire
2009-05-10 15:46 . 2008-12-02 01:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-05-10 15:46 . 2008-12-02 01:01 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-05-08 13:20 . 2009-05-08 13:20 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.sys
2009-05-08 13:12 . 2009-05-08 12:53 32 --s-a-w- c:\windows\system32\612250469.dat
2009-05-08 12:56 . 2009-05-08 12:56 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.sys
2009-05-08 12:54 . 2009-05-08 12:54 22696 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-11 22:15 . 2009-04-11 22:15 152576 ----a-w- c:\documents and settings\vtewari\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-11 19:08 . 2008-11-25 11:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-16 1200128]
"Google Update"="c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-20 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-08 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-08 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-05-20 223744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-12-25 6144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 07:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2004-08-04 12:00 30208 ----a-w- c:\windows\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5sbxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\keyacc32.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\wisptis.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/4/2009 10:50 AM 108289]
R2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;c:\brownsw\VPNCLN~1\INSTAL~1.EXE [12/25/2008 2:39 PM 217219]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 5:05 PM 87808]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [1/22/2007 2:09 PM 34736]
S0 ati5sbxx;ati5sbxx;c:\windows\system32\Drivers\ati5sbxx.sys --> c:\windows\system32\Drivers\ati5sbxx.sys [?]
S0 rlwcn;rlwcn;c:\windows\system32\drivers\gcwpzi.sys --> c:\windows\system32\drivers\gcwpzi.sys [?]
S2 htpqhy;htpqhy;\??\c:\windows\system32\drivers\aydztnlsyhzd.sys --> c:\windows\system32\drivers\aydztnlsyhzd.sys [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [12/30/2007 1:27 PM 99248]
S2 rslrwtte;rslrwtte;c:\windows\system32\drivers\jcfrvoky.sys --> c:\windows\system32\drivers\jcfrvoky.sys [?]
S2 sdhnyu;sdhnyu;c:\windows\system32\drivers\uvyleveo.sys --> c:\windows\system32\drivers\uvyleveo.sys [?]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [6/20/2009 8:38 AM 297472]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2/13/2009 8:07 PM 46108]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
S3 WacomISDPen;Wacom Penabled HID MiniDriver;c:\windows\system32\drivers\wacomisdpen.sys [7/14/2005 1:19 PM 23936]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [9/15/2006 11:44 AM 13568]
--- Other Services/Drivers In Memory ---
*Deregistered* - EraserUtilDrvI7
.
Contents of the 'Scheduled Tasks' folder
2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869Core.job
- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]
2009-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869UA.job
- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC} = 202.149.208.92,202.149.208.11
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxssl.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - /touchworks/docworks/chworks/note/aicviewer3.cab
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.64.69.14.142.downloads.estara.com./as/OneCCDM.php?template=83205&sessionid=1053845106_72.221.65.205_60883&=&req=1228491227562OneCC.cab
DPF: {77C84519-8818-4E32-9540-653A9905C9F6} - hxxp://tw.bgpma.com/Touchworks/DictationController.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} - hxxp://emr.bgpma.com/IDXICW/IDXM/FlowcastLDAP.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} - hxxp://emr.bgpma.com/IDXICW/IDXM/icw.CAB
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://tw.bgpma.com/Touchworks/DictateBar.cab
DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxcsvr.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - /TouchWorks/docworks/chworks/note/aic_viewer2.cab
FF - ProfilePath - c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\
FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 20:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ??? ???????(?@???????@
scanning hidden files ...
c:\windows\system32\drivers\hjgruiylktlkuo.sys 67072 bytes executable
c:\docume~1\vtewari\LOCALS~1\Temp\hjgrui000 0 bytes
c:\windows\TEMP\hjgruirkwlxdnprd.tmp 18944 bytes executable
c:\windows\system32\hjgruideqtnylb.dll 18944 bytes executable
c:\windows\system32\hjgruidvibpjwy.dat 93 bytes
c:\windows\system32\hjgruilog.dat 50 bytes
c:\windows\system32\hjgruimpxbrqpd.dat 34537 bytes
c:\windows\system32\hjgruivxviuxym.dll 19456 bytes executable
c:\windows\system32\hjgruiypyygyoi.dll 42496 bytes executable
scan completed successfully
hidden files: 9
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruiuwpiimrd]
"imagepath"="\systemroot\system32\drivers\hjgruiylktlkuo.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1808)
c:\windows\system32\MSVCRT40.dll
- - - - - - - > 'explorer.exe'(5896)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\tabbtnu.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-07-07 20:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 00:38
Pre-Run: 31,703,957,504 bytes free
Post-Run: 32,471,879,680 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
687
And here is the latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:00 PM, on 7/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\BrownSW\VPNCLN~1\INSTAL~1.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: IDXHlprObj Class - {31816979-F864-4acf-919F-D0B3B56432E6} - C:\Program Files\IDX Web Desktop\IDXIEController.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DictateBHO - {E12A882B-F14F-4440-9BC0-84A5EB766605} - C:\WINDOWS\Downloaded Program Files\DictateBar.dll
O3 - Toolbar: TouchWorks Dictate - {6F60C5C5-61B3-4378-8902-ED9497663AC9} - C:\WINDOWS\Downloaded Program Files\DictateBar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} (Engine Class) - /Touchworks/AHSCompressionEngine.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} (IDXssl Class) - http://emr.bgpma.com...IDXM/idxssl.cab
O16 - DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} (WAVSCtl.WAVitalSignsCtl) - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab
O16 - DPF: {46965FE7-2129-407B-938C-BE358A56D11E} (AICViewer.Viewer) - /touchworks/docworks/chworks/note/aicviewer3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229557813171
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.14.142.downloads.estara.com...227562OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232477913984
O16 - DPF: {77C84519-8818-4E32-9540-653A9905C9F6} (DictationController Class) - http://tw.bgpma.com/...nController.cab
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl) - /TouchWorks/Common/Components/AtalaSoft/ImgX61.cab
O16 - DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} (Pesgoa Control) - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
O16 - DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} (Flowcast LDAP Class) - http://emr.bgpma.com...lowcastLDAP.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} (DictionaryManager.Dictionary) - /Touchworks/DictionaryManager.CAB
O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} (WSpell Spelling Checker Control) - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
O16 - DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} (IDX TermWin Control) - http://emr.bgpma.com...CW/IDXM/icw.CAB
O16 - DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} (TWRTFControl) - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
O16 - DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} (DictateBandInstaller) - https://tw.bgpma.com.../DictateBar.cab
O16 - DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} (IDXcsvr Control Class) - http://emr.bgpma.com...DXM/idxcsvr.cab
O16 - DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} (AIC_ViewerAS2.Viewer) - /TouchWorks/docworks/chworks/note/aic_viewer2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bgpma.com
O17 - HKLM\Software\..\Telephony: DomainName = bgpma.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC}: NameServer = 202.149.208.92,202.149.208.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bgpma.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bgpma.com
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\BrownSW\VPNCLN~1\INSTAL~1.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 14414 bytes
Again, thank you immensely for your help.
Here is my ComboFix.txt:
ComboFix 09-07-06.02 - vtewari 07/06/2009 20:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.626 [GMT -4:00]
Running from: c:\documents and settings\vtewari\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-1398234865
c:\documents and settings\All Users\Application Data\13B5E8A1.exe
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AEEF3AED-D56D-43D8-8953-5974678CF215}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AEF6A5AB-6583-4DC8-9D20-FD47C658D585}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF115377-4251-4238-A0CA-FF3FE9D2D109}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF26A0CE-3985-48A7-9190-2987446D2307}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF5E112D-3949-4AA1-BD0D-C81D2ED05F96}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF5E1704-476F-4964-86A8-1D9F917000FE}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AFB4B228-9025-4631-B6F6-0539B9095016}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B1049DF0-04C7-4A7C-A7DB-4F15B05000A5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B2267AD6-246B-46CF-8859-9FB7AB03A08D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B257C6A8-E80F-4F76-86A6-884B6830EED1}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B26AA993-82CB-4AF1-8E67-58B3621368D9}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B26B54E7-D238-4E64-B173-BABBC3AC51F5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B2C726B2-31C0-49F7-A5C8-84C003DBF2F5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B3940A87-3BE8-4BCA-9C8C-877D9BC66F18}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B4A0058E-BF67-4060-942B-F7B4F6F4216A}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B576FB1E-F851-4F9F-9EF4-57481A18E4E4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B5A0664C-2554-4460-97BB-F46BA27C5EE3}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B667CE22-14D4-4A4D-A556-72831B6022BB}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B85B1533-C8DB-40F9-BAF7-AC9A426407B8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B9AE93BC-26BA-43B9-8212-0162A97B30A8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BA0F0FFB-C0D6-4AC8-A113-4A0FE2F3BF65}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BA427AE0-6535-40D2-B154-18FB7EC7C3CD}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BAD64514-DBC5-438D-B33F-9F56431EF112}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BCD54A82-6F1F-4EBD-B2A6-6F043DFC0EE4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BCDD7B0B-7650-4803-B6EE-E39A5DE27132}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BEC61222-5A03-4DA7-9F24-54739827EF4C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C072A14F-1ADE-493A-9FFE-DADA1A3EA84A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C0ED1A7C-8ED2-40DA-A80B-D13F5DCB9EE8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C1C6A65D-2982-4713-A037-A1863868CE1D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C34186A1-8120-4F8E-8139-8D57A56980E0}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C4519FE7-68F1-4C7E-830A-EC859D482182}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C670C825-CCDE-4025-95DD-D73D02FBF610}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C686E537-4AE1-4F50-948F-6AC9878F4C97}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C70111F6-2B52-485A-8C43-212167932D28}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C732CBEF-C88D-464F-AF46-AF0B5BC58264}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C76909D0-7073-4599-91BF-301DB1CCDF32}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C76B5FC4-81D8-4C46-9080-FDA757C11825}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C80FBEFE-9255-41B7-8293-A70F6F193083}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C94F23E0-15A5-4A00-929D-BAF174E157DD}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CA348364-002E-4FCB-8619-C35EBCBDE5A5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CA9104DE-0884-4A8C-9363-E7A6922D500B}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CA930EA9-C214-4239-8FF8-A8F11BE99919}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CAE7414F-615B-4DB0-9271-7982223FCEA8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CBF0B258-C7A6-4169-B7C5-CE96398FCA91}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CC56A505-0CA3-4045-AA0A-3F843932A7D7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CCFC982C-F863-45CC-A9C6-C6BABC0C6BB7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CD160B53-D53B-4C00-B33A-9F22CB62DAA7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CD168EE0-4D6B-4140-8061-E7B41967CE67}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CDFC076E-F0B8-4CAC-A80B-B4B27F8BC24A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CF8364B6-6298-4145-9B7B-99AC176C6835}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CF8411A9-2BBB-4181-A51B-6B70D4B6069D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CFEDC560-F294-47C2-9E27-EF7AED37AD72}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D03F7398-124C-4198-9777-3317FF1FB5DE}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D05B1BE1-6E7E-4ACD-87D7-EEDBDF2B4C89}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D1137DC6-E266-4058-A083-E62B7921B714}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D27A93F2-EBD0-4B6D-BCDE-02D0915E3D7D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D292D24E-A06E-4BCC-AFA8-225D07ECD46D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D2E1246D-6376-4F10-9D09-2142E6DBCAAA}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D3146BE6-03FA-409C-87C1-947C78D557F4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D46B0FBE-7097-4C53-AA94-B93EBE53C27F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D55829D6-9C2F-4EFA-BB84-07A0097D6B07}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D5BB6777-13ED-46F8-982B-C583D304F209}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D64E70FF-E322-442F-BA1D-F8561F5784E9}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D6CA47DF-9C42-4E26-A40D-32C8BC6F31C0}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D6FD8099-8B64-4A4F-939D-71F4DCCE4654}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D79520AC-BC34-484A-AABA-2127AD62F97A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D7F7BEF5-ABD4-4B85-AECE-2FD9E0DDB16F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D9567DFA-80A0-4A9F-A3B8-DF45A777DD6F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D994E807-6F87-46AB-A7DC-5DA8813338A4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DB0D8EEA-ED01-4877-8DFC-1D048EE6BA7A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DBC661A8-946A-46FD-9CBF-4FD5E84BF8F4}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DD65758E-EE46-42C3-AE64-A5003B4C47F2}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DEE89120-9AB8-421E-8548-8228A3E8B021}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DF636ED9-3328-45DD-A069-D95AEAEF0493}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E09F6E7A-12D8-4E3A-AB2F-328D68E08DB5}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E0B39F8D-2E62-4103-85AB-6D9EEC95D212}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E2383642-0F42-4718-9989-F767822E9022}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E286E750-8358-4C7C-9B87-53D2E7B6B119}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E310E16E-F719-454A-AD3D-812D45356C25}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E3AB500B-7141-4D59-BC6F-7EA628A94DEA}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E3BAAFB2-2623-4924-87C3-275882A5BD6A}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E418B9AC-5C73-4FDD-AB8E-EC165A339288}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E44A1F27-918C-4800-8D1F-54BCB2F8C344}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E49AB4BB-CA7F-4A90-B775-0CB88E48F875}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E4C0FE93-7388-4DE3-B3B4-9B9B85604931}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E6570C13-C36B-4A07-803B-B3DDAD286E73}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E84FC7BB-B33F-4EEA-9F35-DEC9F49FE100}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E8B02223-EDDE-4B34-B1CE-0458C77FC2E1}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E9028390-A3E4-4EC8-8FCF-5F65E16D1728}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E95EC689-094E-4B68-8CD6-9607BFEED49D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EA620DB4-E084-4199-97BC-7FE4CAEF9C7C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EB4C93CA-A2AB-4A57-906E-CC19F6961D3D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EB613649-063B-4544-80BD-C6870A872B41}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EC03100D-C090-415A-9B0A-9C940099EB81}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{ED2E82AF-D94C-4148-9068-8CCF4ACC889B}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{ED68507B-46D0-467B-8A29-80B4CD1573F8}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EDF42BAC-DBC0-4A8D-9C31-E2762233F47C}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EE46CB2F-8C34-4C2D-A518-67F6B507287D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EE89C592-F26B-416C-A74F-CDFF3DCA1305}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EFF84AD8-B774-4699-B160-198B99920626}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F3EE20DB-B4D9-4FF7-B2C6-6A4FB3596A38}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F3F78710-4D3C-4C48-B305-7B2BEDB10410}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F4BFDDB6-0B15-449E-A425-55AB18E33EE4}.ANN
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F55F5422-F758-4DF9-857A-4302A99FC9FB}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F6CC75D0-960C-458F-BA46-B34FE1C55643}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F6EBFAD8-3B3F-48C9-96F7-2C8C20B43B55}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F71C2CE3-4920-4DF9-95B8-D895A0FF2E87}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F80C92C2-A821-4677-B50F-1F15288E46CA}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F823C621-6351-45AD-B15B-4C7B62E29276}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F84BD060-C800-4192-87B3-C4B7ADDBDB4F}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F868BAD4-0834-4DD4-ABFB-371A45D80A91}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{F8C4CB74-DC93-4210-AA3B-568A3DFBFCAA}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{FC6B93CA-EBF2-4BB0-BF13-485FF0BC93D1}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{FD361363-D9B7-4253-9A2C-050521280C90}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{FD4C3926-FDCF-42CE-B1A3-B3F56EC352BE}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{FDC178B1-D0B8-4EE5-8FF1-0FDDFDE6498D}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{FE33A2AF-6D7D-4450-A373-D074C48B7E86}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{FE472A43-6D20-4424-B080-C991B8DF6A79}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{FEC30EAD-E81B-4333-95E1-D721076E4BDC}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{FF362866-4208-4946-A51D-D287E2B90FE7}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{FFCAE9B6-7A2D-41C0-8F3A-87303C082C87}.TIF
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\TempAnn.tmp
c:\program files\Common
c:\recycler\S-1-5-21-1217390584-4277175751-802309137-500
c:\recycler\S-1-5-21-1217902377-572023911-202798795-500
c:\recycler\S-1-5-21-1227394513-3536351638-1695338302-500
c:\recycler\S-1-5-21-1262618328-1462636851-3286993213-500
c:\recycler\S-1-5-21-1327079009-2111749817-1912604795-500
c:\recycler\S-1-5-21-1500826160-3693644323-698219342-500
c:\recycler\S-1-5-21-1606980848-606747145-682003330-1005
c:\recycler\S-1-5-21-1606980848-606747145-682003330-500
c:\recycler\S-1-5-21-1662757381-569527022-1593833163-500
c:\recycler\S-1-5-21-1721403634-1097047974-2694086253-500
c:\recycler\S-1-5-21-196574989-3277469933-42256743-500
c:\recycler\S-1-5-21-2116029844-4227404912-3071640610-500
c:\recycler\S-1-5-21-2214428612-3109298320-3657402991-500
c:\recycler\S-1-5-21-2641373605-2314955636-3407094535-500
c:\recycler\S-1-5-21-2666547893-547290626-141348200-500
c:\recycler\S-1-5-21-2943395483-479417999-1967988638-500
c:\recycler\S-1-5-21-3263195274-3041481093-3970812305-500
c:\recycler\S-1-5-21-3397542853-2082011447-125019259-500
c:\recycler\S-1-5-21-407872128-946764450-2912708799-500
c:\recycler\S-1-5-21-547319329-825754736-2758472541-500
c:\recycler\S-1-5-21-626977674-3388118148-1406371419-500
c:\windows\Installer\522e119.msi
c:\windows\system32\drivers\aydztnlsyhzd.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSScfmm.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSlxcp.dll
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvoql.dll
c:\windows\system32\TDSSxhyf.log
c:\windows\system32\vebimayo.dll
c:\windows\TEMP\logishrd\LVPrcInj06.dll
c:\windows\wiaserviv.log
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_ACPI32
-------\Legacy_ALGSHAREDACCESS
-------\Legacy_HTPQHY
-------\Legacy_NICSK32
-------\Service_ALGSharedAccess
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.
2009-07-04 14:50 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-04 14:50 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-04 14:50 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-04 14:50 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-04 14:50 . 2009-07-04 14:50 -------- d-----w- c:\program files\Avira
2009-07-04 14:50 . 2009-07-04 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-20 12:44 . 2009-06-24 01:04 -------- d-----w- c:\program files\Family Feud II
2009-06-20 12:38 . 2009-06-20 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
2009-06-19 15:26 . 2009-06-19 15:26 1915520 ----a-w- c:\documents and settings\vtewari\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-09 19:59 . 2009-06-09 19:59 152576 ----a-w- c:\documents and settings\vtewari\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 12:22 . 2007-12-25 14:56 -------- d-----w- c:\documents and settings\vtewari\Application Data\LimeWire
2009-07-02 10:02 . 2008-07-25 17:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-20 12:38 . 2009-02-07 13:56 -------- d-----w- c:\program files\Amazon
2009-06-19 17:48 . 2008-12-13 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 17:47 . 2009-03-25 10:51 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-12-13 16:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-12-13 16:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 20:00 . 2006-10-04 14:22 -------- d-----w- c:\program files\Java
2009-05-28 22:07 . 2009-05-01 13:52 -------- d-----w- c:\documents and settings\vtewari\Application Data\gtk-2.0
2009-05-26 10:36 . 2007-10-27 14:01 -------- d-----w- c:\program files\Google
2009-05-21 15:33 . 2008-12-21 21:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 22:38 . 2007-12-29 16:33 -------- d-----w- c:\program files\LimeWire
2009-05-10 15:46 . 2008-12-02 01:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-05-10 15:46 . 2008-12-02 01:01 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-05-08 13:20 . 2009-05-08 13:20 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.sys
2009-05-08 13:12 . 2009-05-08 12:53 32 --s-a-w- c:\windows\system32\612250469.dat
2009-05-08 12:56 . 2009-05-08 12:56 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.sys
2009-05-08 12:54 . 2009-05-08 12:54 22696 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-11 22:15 . 2009-04-11 22:15 152576 ----a-w- c:\documents and settings\vtewari\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-11 19:08 . 2008-11-25 11:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-16 1200128]
"Google Update"="c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-20 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-08 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-08 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-05-20 223744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-12-25 6144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 07:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2004-08-04 12:00 30208 ----a-w- c:\windows\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5sbxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\keyacc32.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\wisptis.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/4/2009 10:50 AM 108289]
R2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;c:\brownsw\VPNCLN~1\INSTAL~1.EXE [12/25/2008 2:39 PM 217219]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 5:05 PM 87808]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [1/22/2007 2:09 PM 34736]
S0 ati5sbxx;ati5sbxx;c:\windows\system32\Drivers\ati5sbxx.sys --> c:\windows\system32\Drivers\ati5sbxx.sys [?]
S0 rlwcn;rlwcn;c:\windows\system32\drivers\gcwpzi.sys --> c:\windows\system32\drivers\gcwpzi.sys [?]
S2 htpqhy;htpqhy;\??\c:\windows\system32\drivers\aydztnlsyhzd.sys --> c:\windows\system32\drivers\aydztnlsyhzd.sys [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [12/30/2007 1:27 PM 99248]
S2 rslrwtte;rslrwtte;c:\windows\system32\drivers\jcfrvoky.sys --> c:\windows\system32\drivers\jcfrvoky.sys [?]
S2 sdhnyu;sdhnyu;c:\windows\system32\drivers\uvyleveo.sys --> c:\windows\system32\drivers\uvyleveo.sys [?]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [6/20/2009 8:38 AM 297472]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2/13/2009 8:07 PM 46108]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
S3 WacomISDPen;Wacom Penabled HID MiniDriver;c:\windows\system32\drivers\wacomisdpen.sys [7/14/2005 1:19 PM 23936]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [9/15/2006 11:44 AM 13568]
--- Other Services/Drivers In Memory ---
*Deregistered* - EraserUtilDrvI7
.
Contents of the 'Scheduled Tasks' folder
2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869Core.job
- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]
2009-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869UA.job
- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC} = 202.149.208.92,202.149.208.11
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxssl.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - /touchworks/docworks/chworks/note/aicviewer3.cab
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.64.69.14.142.downloads.estara.com./as/OneCCDM.php?template=83205&sessionid=1053845106_72.221.65.205_60883&=&req=1228491227562OneCC.cab
DPF: {77C84519-8818-4E32-9540-653A9905C9F6} - hxxp://tw.bgpma.com/Touchworks/DictationController.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} - hxxp://emr.bgpma.com/IDXICW/IDXM/FlowcastLDAP.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} - hxxp://emr.bgpma.com/IDXICW/IDXM/icw.CAB
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://tw.bgpma.com/Touchworks/DictateBar.cab
DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxcsvr.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - /TouchWorks/docworks/chworks/note/aic_viewer2.cab
FF - ProfilePath - c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\
FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 20:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ??? ???????(?@???????@
scanning hidden files ...
c:\windows\system32\drivers\hjgruiylktlkuo.sys 67072 bytes executable
c:\docume~1\vtewari\LOCALS~1\Temp\hjgrui000 0 bytes
c:\windows\TEMP\hjgruirkwlxdnprd.tmp 18944 bytes executable
c:\windows\system32\hjgruideqtnylb.dll 18944 bytes executable
c:\windows\system32\hjgruidvibpjwy.dat 93 bytes
c:\windows\system32\hjgruilog.dat 50 bytes
c:\windows\system32\hjgruimpxbrqpd.dat 34537 bytes
c:\windows\system32\hjgruivxviuxym.dll 19456 bytes executable
c:\windows\system32\hjgruiypyygyoi.dll 42496 bytes executable
scan completed successfully
hidden files: 9
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruiuwpiimrd]
"imagepath"="\systemroot\system32\drivers\hjgruiylktlkuo.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1808)
c:\windows\system32\MSVCRT40.dll
- - - - - - - > 'explorer.exe'(5896)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\tabbtnu.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-07-07 20:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 00:38
Pre-Run: 31,703,957,504 bytes free
Post-Run: 32,471,879,680 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
687
And here is the latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:00 PM, on 7/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\BrownSW\VPNCLN~1\INSTAL~1.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: IDXHlprObj Class - {31816979-F864-4acf-919F-D0B3B56432E6} - C:\Program Files\IDX Web Desktop\IDXIEController.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DictateBHO - {E12A882B-F14F-4440-9BC0-84A5EB766605} - C:\WINDOWS\Downloaded Program Files\DictateBar.dll
O3 - Toolbar: TouchWorks Dictate - {6F60C5C5-61B3-4378-8902-ED9497663AC9} - C:\WINDOWS\Downloaded Program Files\DictateBar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} (Engine Class) - /Touchworks/AHSCompressionEngine.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} (IDXssl Class) - http://emr.bgpma.com...IDXM/idxssl.cab
O16 - DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} (WAVSCtl.WAVitalSignsCtl) - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab
O16 - DPF: {46965FE7-2129-407B-938C-BE358A56D11E} (AICViewer.Viewer) - /touchworks/docworks/chworks/note/aicviewer3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229557813171
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.14.142.downloads.estara.com...227562OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232477913984
O16 - DPF: {77C84519-8818-4E32-9540-653A9905C9F6} (DictationController Class) - http://tw.bgpma.com/...nController.cab
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl) - /TouchWorks/Common/Components/AtalaSoft/ImgX61.cab
O16 - DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} (Pesgoa Control) - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
O16 - DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} (Flowcast LDAP Class) - http://emr.bgpma.com...lowcastLDAP.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} (DictionaryManager.Dictionary) - /Touchworks/DictionaryManager.CAB
O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} (WSpell Spelling Checker Control) - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
O16 - DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} (IDX TermWin Control) - http://emr.bgpma.com...CW/IDXM/icw.CAB
O16 - DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} (TWRTFControl) - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
O16 - DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} (DictateBandInstaller) - https://tw.bgpma.com.../DictateBar.cab
O16 - DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} (IDXcsvr Control Class) - http://emr.bgpma.com...DXM/idxcsvr.cab
O16 - DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} (AIC_ViewerAS2.Viewer) - /TouchWorks/docworks/chworks/note/aic_viewer2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bgpma.com
O17 - HKLM\Software\..\Telephony: DomainName = bgpma.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC}: NameServer = 202.149.208.92,202.149.208.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bgpma.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bgpma.com
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\BrownSW\VPNCLN~1\INSTAL~1.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 14414 bytes
Again, thank you immensely for your help
#4
Posted 14 July 2009 - 07:57 AM
Very sorry for the delay. I lost track of your post.
Please run the following.
STEP 01
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe
Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines
KILLALL::

Driver::
ati5sbxx
rlwcn
htpqhy
rslrwtte
sdhnyu

File::
c:\docume~1\vtewari\LOCALS~1\Temp\hjgrui000
c:\windows\system32\Drivers\ati5sbxx.sys
c:\windows\system32\drivers\aydztnlsyhzd.sys
c:\windows\system32\drivers\gcwpzi.sys
c:\windows\system32\drivers\hjgruiylktlkuo.sys
c:\windows\system32\drivers\jcfrvoky.sys
c:\windows\system32\drivers\uvyleveo.sys
c:\windows\system32\hjgruideqtnylb.dll
c:\windows\system32\hjgruidvibpjwy.dat
c:\windows\system32\hjgruilog.dat
c:\windows\system32\hjgruimpxbrqpd.dat
c:\windows\system32\hjgruivxviuxym.dll
c:\windows\system32\hjgruiypyygyoi.dll
c:\windows\TEMP\hjgruirkwlxdnprd.tmp

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruiuwpiimrd]
Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .
Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

- Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
- Disconnect from the Internet.
- Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
- A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
- It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
When the scan completes, Notepad will open with your results log open. Do a File, Exit.
Post back the Combofix log on your next reply.
STEP 02
Update and Scan with Malwarebytes' Anti-Malware
- Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
- Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
- Update Malwarebytes' Anti-Malware
- Select the Update tab
- Click Update
- When the update is complete, select the Scanner tab
- Select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
STEP 03
Please disable your current Anti-Virus and run the following Online AV scanner
Run Eset NOD32 Online AntiVirus
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
#6
Posted 15 July 2009 - 10:49 AM
Thanks again for your reply.
Here is my new combofix log. The next two messages will have the other logs:
ComboFix 09-07-14.07 - vtewari 07/14/2009 21:49.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.579 [GMT -4:00]
Running from: c:\documents and settings\vtewari\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\vtewari\Desktop\CFscript.txt
FILE ::
"c:\docume~1\vtewari\LOCALS~1\Temp\hjgrui000"
"c:\windows\system32\Drivers\ati5sbxx.sys"
"c:\windows\system32\drivers\aydztnlsyhzd.sys"
"c:\windows\system32\drivers\gcwpzi.sys"
"c:\windows\system32\drivers\hjgruiylktlkuo.sys"
"c:\windows\system32\drivers\jcfrvoky.sys"
"c:\windows\system32\drivers\uvyleveo.sys"
"c:\windows\system32\hjgruideqtnylb.dll"
"c:\windows\system32\hjgruidvibpjwy.dat"
"c:\windows\system32\hjgruilog.dat"
"c:\windows\system32\hjgruimpxbrqpd.dat"
"c:\windows\system32\hjgruivxviuxym.dll"
"c:\windows\system32\hjgruiypyygyoi.dll"
"c:\windows\TEMP\hjgruirkwlxdnprd.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\hjgruilog.dat
c:\windows\system32\hjgruivxviuxym.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATI5SBXX
-------\Service_ati5sbxx
-------\Service_htpqhy
-------\Service_rlwcn
-------\Service_rslrwtte
-------\Service_sdhnyu
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.
2009-07-15 00:26 . 2009-07-15 00:26 19456 ----a-w- c:\windows\system32\_hjgruivxviuxym.dll_.vir
2009-07-15 00:20 . 2009-07-15 00:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ApplicationHistory
2009-07-15 00:20 . 2009-07-15 00:20 135 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\fusioncache.dat
2009-07-04 14:50 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-20 12:44 . 2009-06-24 01:04 -------- d-----w- c:\program files\Family Feud II
2009-06-20 12:38 . 2009-06-20 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
2009-06-19 15:26 . 2009-06-19 15:26 1915520 ----a-w- c:\documents and settings\vtewari\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 18:21 . 2007-12-25 14:56 -------- d-----w- c:\documents and settings\vtewari\Application Data\LimeWire
2009-07-02 10:02 . 2008-07-25 17:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-20 12:38 . 2009-02-07 13:56 -------- d-----w- c:\program files\Amazon
2009-06-19 17:48 . 2008-12-13 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 17:47 . 2009-03-25 10:51 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-12-13 16:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-12-13 16:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 20:00 . 2006-10-04 14:22 -------- d-----w- c:\program files\Java
2009-06-09 19:59 . 2009-06-09 19:59 152576 ----a-w- c:\documents and settings\vtewari\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-28 22:07 . 2009-05-01 13:52 -------- d-----w- c:\documents and settings\vtewari\Application Data\gtk-2.0
2009-05-26 10:36 . 2007-10-27 14:01 -------- d-----w- c:\program files\Google
2009-05-21 15:33 . 2008-12-21 21:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 22:38 . 2007-12-29 16:33 -------- d-----w- c:\program files\LimeWire
2009-05-08 13:20 . 2009-05-08 13:20 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.sys
2009-05-08 13:12 . 2009-05-08 12:53 32 --s-a-w- c:\windows\system32\612250469.dat
2009-05-08 12:56 . 2009-05-08 12:56 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.sys
2009-05-08 12:54 . 2009-05-08 12:54 22696 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-06-12 21:37 . 2008-12-14 20:30 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-07_00.31.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 01:58 . 2009-07-15 01:58 16384 c:\windows\temp\Perflib_Perfdata_c74.dat
+ 2006-02-28 12:00 . 2009-07-09 20:49 61084 c:\windows\system32\perfc009.dat
+ 2007-10-24 05:47 . 2007-10-24 05:47 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 84480 c:\windows\system32\mscories.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 96760 c:\windows\system32\dfshim.dll
+ 2006-09-15 20:08 . 2009-07-14 22:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-15 20:08 . 2009-07-07 00:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-15 20:08 . 2009-07-14 22:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-09-15 20:08 . 2009-07-07 00:29 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-24 05:47 . 2007-10-24 05:47 37896 c:\windows\Microsoft.Net\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 81400 c:\windows\Microsoft.Net\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-24 05:47 . 2007-10-24 05:47 90112 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 57392 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Configuration.Install.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 95232 c:\windows\Microsoft.Net\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 61952 c:\windows\Microsoft.Net\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 53248 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 53248 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 89096 c:\windows\Microsoft.Net\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 24584 c:\windows\Microsoft.Net\Framework\v2.0.50727\normalization.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 31744 c:\windows\Microsoft.Net\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 19456 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscortim.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 70144 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 18944 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 77312 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 94208 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorld.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 47104 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorie.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 83456 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 69632 c:\windows\Microsoft.Net\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 69632 c:\windows\Microsoft.Net\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 97792 c:\windows\Microsoft.Net\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 12800 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 12800 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 77824 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 40960 c:\windows\Microsoft.Net\Framework\v2.0.50727\jsc.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 40960 c:\windows\Microsoft.Net\Framework\v2.0.50727\jsc.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 72192 c:\windows\Microsoft.Net\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 72192 c:\windows\Microsoft.Net\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 65032 c:\windows\Microsoft.Net\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 77824 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEHost.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 18936 c:\windows\Microsoft.Net\Framework\v2.0.50727\fusion.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 66552 c:\windows\Microsoft.Net\Framework\v2.0.50727\dfdll.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 35320 c:\windows\Microsoft.Net\Framework\v2.0.50727\cvtres.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 69120 c:\windows\Microsoft.Net\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 27136 c:\windows\Microsoft.Net\Framework\v2.0.50727\Culture.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 13312 c:\windows\Microsoft.Net\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 13312 c:\windows\Microsoft.Net\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 80376 c:\windows\Microsoft.Net\Framework\v2.0.50727\csc.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 33280 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 33800 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 32776 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 24576 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 84480 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 33288 c:\windows\Microsoft.Net\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 17928 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 22024 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 59392 c:\windows\Microsoft.Net\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 99320 c:\windows\Microsoft.Net\Framework\v2.0.50727\alink.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 10752 c:\windows\Microsoft.Net\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 10752 c:\windows\Microsoft.Net\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 13824 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 97280 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\SharedReg12.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\sbscmp20_perfcounter.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\sbscmp20_mscorwks.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\sbscmp10.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 82944 c:\windows\Microsoft.Net\Framework\NETFXSBS10.exe
+ 2009-07-07 17:49 . 2009-07-07 17:49 86528 c:\windows\Installer\5df30b.msi
+ 2009-07-07 19:29 . 2009-07-07 19:29 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\UIXControls\6e4069707f650352d7dad858289692df\UIXControls.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2009-07-07 19:28 . 2009-07-07 19:28 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 90112 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 7168 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 7168 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 5632 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 5632 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 6656 c:\windows\Microsoft.Net\Framework\v2.0.50727\IIEHost.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 8192 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 8192 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 9728 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExec.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 9728 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExec.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 5120 c:\windows\Microsoft.Net\Framework\v2.0.50727\dfsvc.exe
+ 2009-07-07 17:48 . 2009-07-07 17:48 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-10-09 18:33 . 2007-10-09 18:33 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2006-02-28 12:00 . 2009-07-09 20:49 401472 c:\windows\system32\perfh009.dat
+ 2007-10-24 05:47 . 2007-10-24 05:47 158720 c:\windows\system32\mscorier.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 282112 c:\windows\system32\mscoree.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 434688 c:\windows\Microsoft.Net\Framework\v2.0.50727\webengine.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 839680 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 884736 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 261120 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 114688 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 114688 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 131072 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 131072 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 299008 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 299008 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Messaging.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 372736 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Management.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 113664 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 630784 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 188416 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 188416 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 401408 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 933888 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 741376 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 483840 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 425984 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 392696 c:\windows\Microsoft.Net\Framework\v2.0.50727\SOS.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 119296 c:\windows\Microsoft.Net\Framework\v2.0.50727\shfusion.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 144896 c:\windows\Microsoft.Net\Framework\v2.0.50727\peverify.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 101880 c:\windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 242688 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 340992 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 114688 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 348672 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 308224 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 822280 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 671744 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 372736 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 372736 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 749568 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 655360 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 348160 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 230904 c:\windows\Microsoft.Net\Framework\v2.0.50727\ilasm.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 798224 c:\windows\Microsoft.Net\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 572936 c:\windows\Microsoft.Net\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 101896 c:\windows\Microsoft.Net\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\CasPol.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\CasPol.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 507904 c:\windows\Microsoft.Net\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 147968 c:\windows\Microsoft.Net\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 218112 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 193016 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 145408 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-11-07 19:07 . 2007-11-07 19:07 999936 c:\windows\Installer\5df314.msp
+ 2007-11-07 18:56 . 2007-11-07 18:56 553472 c:\windows\Installer\5df311.msp
+ 2007-11-07 18:58 . 2007-11-07 18:58 908800 c:\windows\Installer\5df30d.msp
+ 2007-11-07 18:54 . 2007-11-07 18:54 507392 c:\windows\Installer\5df30c.msp
+ 2009-07-07 19:29 . 2009-07-07 19:29 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 733184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 339968 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 815104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2009-07-07 17:57 . 2009-07-07 17:57 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 876544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 884736 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 884736 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 933888 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 741376 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 261120 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 483840 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 1344000 c:\windows\Microsoft.Net\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 1172472 c:\windows\Microsoft.Net\Framework\v2.0.50727\vbc.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 2068480 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.XML.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 5013504 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 5431296 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 3076096 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 5070848 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Design.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 3036160 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Data.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 5814784 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 4444160 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 1162744 c:\windows\Microsoft.Net\Framework\v2.0.50727\cscomp.dll
+ 2007-11-07 18:50 . 2007-11-07 18:50 6055936 c:\windows\Installer\5df313.msp
+ 2007-11-07 19:00 . 2007-11-07 19:00 3407360 c:\windows\Installer\5df312.msp
+ 2007-11-07 18:46 . 2007-11-07 18:46 3010560 c:\windows\Installer\5df310.msp
+ 2007-11-07 19:02 . 2007-11-07 19:02 6473216 c:\windows\Installer\5df30f.msp
+ 2007-11-07 19:12 . 2007-11-07 19:12 2533376 c:\windows\Installer\5df30e.msp
+ 2009-07-07 19:29 . 2009-07-07 19:29 2932736 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneShell\92fd478f4e94520543b7f5b39052de61\ZuneShell.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1523712 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneDBApi\b9227e075c3cd6a3cf2f3fdeeb0cd296\ZuneDBApi.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 5517312 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX\980ffc2e13c341c36c64c93139305761\UIX.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 2256896 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX.RenderApi\62097460d5f4aa49ff059fa7a6a40c44\UIX.RenderApi.ni.dll
+ 2009-07-07 17:56 . 2009-07-07 17:56 8265728 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2009-07-07 18:00 . 2009-07-07 18:00 5771264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1986560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 2342912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2009-07-07 17:57 . 2009-07-07 17:57 1667072 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1224704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1798144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2009-07-07 17:56 . 2009-07-07 17:56 7049216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 2756608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1183744 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1011712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1740800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 1695744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 3076096 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 2068480 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 5013504 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 5431296 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 4444160 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-07-07 18:00 . 2009-07-07 18:00 13193216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 12509184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2009-07-07 17:56 . 2009-07-07 17:57 10969088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2009-07-07 17:56 . 2009-07-07 17:56 11722752 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-16 1200128]
"Google Update"="c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-20 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-08 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-08 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-05-20 223744]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-12-25 6144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 07:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2004-08-04 12:00 30208 ----a-w- c:\windows\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\keyacc32.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\wisptis.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]
R2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;c:\brownsw\VPNCLN~1\INSTAL~1.EXE [12/25/2008 2:39 PM 217219]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 5:05 PM 87808]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [1/22/2007 2:09 PM 34736]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [12/30/2007 1:27 PM 99248]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [6/20/2009 8:38 AM 297472]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2/13/2009 8:07 PM 46108]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
S3 WacomISDPen;Wacom Penabled HID MiniDriver;c:\windows\system32\drivers\wacomisdpen.sys [7/14/2005 1:19 PM 23936]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [9/15/2006 11:44 AM 13568]
--- Other Services/Drivers In Memory ---
*Deregistered* - EraserUtilDrvI7
.
Contents of the 'Scheduled Tasks' folder
2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869Core.job
- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]
2009-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869UA.job
- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll
SafeBoot-ati5sbxx.sys
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC} = 202.149.208.92,202.149.208.11
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxssl.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - /touchworks/docworks/chworks/note/aicviewer3.cab
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.64.69.14.142.downloads.estara.com./as/OneCCDM.php?template=83205&sessionid=1053845106_72.221.65.205_60883&=&req=1228491227562OneCC.cab
DPF: {77C84519-8818-4E32-9540-653A9905C9F6} - hxxp://tw.bgpma.com/Touchworks/DictationController.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} - hxxp://emr.bgpma.com/IDXICW/IDXM/FlowcastLDAP.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} - hxxp://emr.bgpma.com/IDXICW/IDXM/icw.CAB
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://tw.bgpma.com/Touchworks/DictateBar.cab
DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxcsvr.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - /TouchWorks/docworks/chworks/note/aic_viewer2.cab
FF - ProfilePath - c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\
FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 21:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???pT??????(?@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(6964)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\tabbtnu.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-07-15 22:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 02:03
ComboFix2.txt 2009-07-07 00:38
Pre-Run: 32,220,848,128 bytes free
Post-Run: 32,234,414,080 bytes free
552
Here is my new ComboFix log. The next two messages will have the other logs:
ComboFix 09-07-14.07 - vtewari 07/14/2009 21:49.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.579 [GMT -4:00]
Running from: c:\documents and settings\vtewari\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\vtewari\Desktop\CFscript.txt
FILE ::
"c:\docume~1\vtewari\LOCALS~1\Temp\hjgrui000"
"c:\windows\system32\Drivers\ati5sbxx.sys"
"c:\windows\system32\drivers\aydztnlsyhzd.sys"
"c:\windows\system32\drivers\gcwpzi.sys"
"c:\windows\system32\drivers\hjgruiylktlkuo.sys"
"c:\windows\system32\drivers\jcfrvoky.sys"
"c:\windows\system32\drivers\uvyleveo.sys"
"c:\windows\system32\hjgruideqtnylb.dll"
"c:\windows\system32\hjgruidvibpjwy.dat"
"c:\windows\system32\hjgruilog.dat"
"c:\windows\system32\hjgruimpxbrqpd.dat"
"c:\windows\system32\hjgruivxviuxym.dll"
"c:\windows\system32\hjgruiypyygyoi.dll"
"c:\windows\TEMP\hjgruirkwlxdnprd.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\hjgruilog.dat
c:\windows\system32\hjgruivxviuxym.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATI5SBXX
-------\Service_ati5sbxx
-------\Service_htpqhy
-------\Service_rlwcn
-------\Service_rslrwtte
-------\Service_sdhnyu
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.
2009-07-15 00:26 . 2009-07-15 00:26 19456 ----a-w- c:\windows\system32\_hjgruivxviuxym.dll_.vir
2009-07-15 00:20 . 2009-07-15 00:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ApplicationHistory
2009-07-15 00:20 . 2009-07-15 00:20 135 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\fusioncache.dat
2009-07-04 14:50 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-20 12:44 . 2009-06-24 01:04 -------- d-----w- c:\program files\Family Feud II
2009-06-20 12:38 . 2009-06-20 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
2009-06-19 15:26 . 2009-06-19 15:26 1915520 ----a-w- c:\documents and settings\vtewari\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 18:21 . 2007-12-25 14:56 -------- d-----w- c:\documents and settings\vtewari\Application Data\LimeWire
2009-07-02 10:02 . 2008-07-25 17:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-20 12:38 . 2009-02-07 13:56 -------- d-----w- c:\program files\Amazon
2009-06-19 17:48 . 2008-12-13 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 17:47 . 2009-03-25 10:51 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-12-13 16:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-12-13 16:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 20:00 . 2006-10-04 14:22 -------- d-----w- c:\program files\Java
2009-06-09 19:59 . 2009-06-09 19:59 152576 ----a-w- c:\documents and settings\vtewari\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-28 22:07 . 2009-05-01 13:52 -------- d-----w- c:\documents and settings\vtewari\Application Data\gtk-2.0
2009-05-26 10:36 . 2007-10-27 14:01 -------- d-----w- c:\program files\Google
2009-05-21 15:33 . 2008-12-21 21:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 22:38 . 2007-12-29 16:33 -------- d-----w- c:\program files\LimeWire
2009-05-08 13:20 . 2009-05-08 13:20 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.sys
2009-05-08 13:12 . 2009-05-08 12:53 32 --s-a-w- c:\windows\system32\612250469.dat
2009-05-08 12:56 . 2009-05-08 12:56 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.sys
2009-05-08 12:54 . 2009-05-08 12:54 22696 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-06-12 21:37 . 2008-12-14 20:30 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-07_00.31.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 01:58 . 2009-07-15 01:58 16384 c:\windows\temp\Perflib_Perfdata_c74.dat
+ 2006-02-28 12:00 . 2009-07-09 20:49 61084 c:\windows\system32\perfc009.dat
+ 2007-10-24 05:47 . 2007-10-24 05:47 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 84480 c:\windows\system32\mscories.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 96760 c:\windows\system32\dfshim.dll
+ 2006-09-15 20:08 . 2009-07-14 22:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-15 20:08 . 2009-07-07 00:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-15 20:08 . 2009-07-14 22:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-09-15 20:08 . 2009-07-07 00:29 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-24 05:47 . 2007-10-24 05:47 37896 c:\windows\Microsoft.Net\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 81400 c:\windows\Microsoft.Net\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-24 05:47 . 2007-10-24 05:47 90112 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 57392 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Configuration.Install.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 95232 c:\windows\Microsoft.Net\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 61952 c:\windows\Microsoft.Net\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 53248 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 53248 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 89096 c:\windows\Microsoft.Net\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 24584 c:\windows\Microsoft.Net\Framework\v2.0.50727\normalization.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 31744 c:\windows\Microsoft.Net\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 19456 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscortim.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 70144 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 18944 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 77312 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 94208 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorld.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 47104 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorie.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 83456 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 69632 c:\windows\Microsoft.Net\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 69632 c:\windows\Microsoft.Net\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 97792 c:\windows\Microsoft.Net\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 12800 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 12800 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 77824 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 40960 c:\windows\Microsoft.Net\Framework\v2.0.50727\jsc.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 40960 c:\windows\Microsoft.Net\Framework\v2.0.50727\jsc.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 72192 c:\windows\Microsoft.Net\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 72192 c:\windows\Microsoft.Net\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 65032 c:\windows\Microsoft.Net\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 77824 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEHost.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 18936 c:\windows\Microsoft.Net\Framework\v2.0.50727\fusion.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 66552 c:\windows\Microsoft.Net\Framework\v2.0.50727\dfdll.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 35320 c:\windows\Microsoft.Net\Framework\v2.0.50727\cvtres.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 69120 c:\windows\Microsoft.Net\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 27136 c:\windows\Microsoft.Net\Framework\v2.0.50727\Culture.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 13312 c:\windows\Microsoft.Net\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 13312 c:\windows\Microsoft.Net\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 80376 c:\windows\Microsoft.Net\Framework\v2.0.50727\csc.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 33280 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 33800 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 32776 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 24576 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 84480 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 33288 c:\windows\Microsoft.Net\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 17928 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 22024 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 59392 c:\windows\Microsoft.Net\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 99320 c:\windows\Microsoft.Net\Framework\v2.0.50727\alink.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 10752 c:\windows\Microsoft.Net\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 10752 c:\windows\Microsoft.Net\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 13824 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 97280 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\SharedReg12.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\sbscmp20_perfcounter.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\sbscmp20_mscorwks.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\sbscmp10.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 82944 c:\windows\Microsoft.Net\Framework\NETFXSBS10.exe
+ 2009-07-07 17:49 . 2009-07-07 17:49 86528 c:\windows\Installer\5df30b.msi
+ 2009-07-07 19:29 . 2009-07-07 19:29 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\UIXControls\6e4069707f650352d7dad858289692df\UIXControls.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2009-07-07 19:28 . 2009-07-07 19:28 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 90112 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 7168 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 7168 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 5632 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 5632 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 6656 c:\windows\Microsoft.Net\Framework\v2.0.50727\IIEHost.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 8192 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 8192 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 9728 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExec.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 9728 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExec.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 5120 c:\windows\Microsoft.Net\Framework\v2.0.50727\dfsvc.exe
+ 2009-07-07 17:48 . 2009-07-07 17:48 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-10-09 18:33 . 2007-10-09 18:33 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2006-02-28 12:00 . 2009-07-09 20:49 401472 c:\windows\system32\perfh009.dat
+ 2007-10-24 05:47 . 2007-10-24 05:47 158720 c:\windows\system32\mscorier.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 282112 c:\windows\system32\mscoree.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 434688 c:\windows\Microsoft.Net\Framework\v2.0.50727\webengine.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 839680 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 884736 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 261120 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 114688 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 114688 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 131072 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 131072 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 299008 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 299008 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Messaging.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 372736 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Management.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 113664 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 630784 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 188416 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 188416 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 401408 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 933888 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 741376 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 483840 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 425984 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 392696 c:\windows\Microsoft.Net\Framework\v2.0.50727\SOS.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 119296 c:\windows\Microsoft.Net\Framework\v2.0.50727\shfusion.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 144896 c:\windows\Microsoft.Net\Framework\v2.0.50727\peverify.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 101880 c:\windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 242688 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 340992 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 114688 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 348672 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 308224 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 822280 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 671744 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 372736 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 372736 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 749568 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 655360 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 348160 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 230904 c:\windows\Microsoft.Net\Framework\v2.0.50727\ilasm.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 798224 c:\windows\Microsoft.Net\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 572936 c:\windows\Microsoft.Net\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 101896 c:\windows\Microsoft.Net\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\CasPol.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\CasPol.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 507904 c:\windows\Microsoft.Net\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 147968 c:\windows\Microsoft.Net\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 218112 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 193016 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 145408 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-11-07 19:07 . 2007-11-07 19:07 999936 c:\windows\Installer\5df314.msp
+ 2007-11-07 18:56 . 2007-11-07 18:56 553472 c:\windows\Installer\5df311.msp
+ 2007-11-07 18:58 . 2007-11-07 18:58 908800 c:\windows\Installer\5df30d.msp
+ 2007-11-07 18:54 . 2007-11-07 18:54 507392 c:\windows\Installer\5df30c.msp
+ 2009-07-07 19:29 . 2009-07-07 19:29 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 733184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 339968 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 815104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2009-07-07 17:57 . 2009-07-07 17:57 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 876544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 884736 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 884736 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 933888 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 741376 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 261120 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 483840 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 1344000 c:\windows\Microsoft.Net\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 1172472 c:\windows\Microsoft.Net\Framework\v2.0.50727\vbc.exe
+ 2007-10-24 05:47 . 2007-10-24 05:47 2068480 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.XML.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 5013504 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 5431296 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 3076096 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 5070848 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Design.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 3036160 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Data.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 5814784 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 4444160 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-24 05:47 . 2007-10-24 05:47 1162744 c:\windows\Microsoft.Net\Framework\v2.0.50727\cscomp.dll
+ 2007-11-07 18:50 . 2007-11-07 18:50 6055936 c:\windows\Installer\5df313.msp
+ 2007-11-07 19:00 . 2007-11-07 19:00 3407360 c:\windows\Installer\5df312.msp
+ 2007-11-07 18:46 . 2007-11-07 18:46 3010560 c:\windows\Installer\5df310.msp
+ 2007-11-07 19:02 . 2007-11-07 19:02 6473216 c:\windows\Installer\5df30f.msp
+ 2007-11-07 19:12 . 2007-11-07 19:12 2533376 c:\windows\Installer\5df30e.msp
+ 2009-07-07 19:29 . 2009-07-07 19:29 2932736 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneShell\92fd478f4e94520543b7f5b39052de61\ZuneShell.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1523712 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneDBApi\b9227e075c3cd6a3cf2f3fdeeb0cd296\ZuneDBApi.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 5517312 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX\980ffc2e13c341c36c64c93139305761\UIX.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 2256896 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX.RenderApi\62097460d5f4aa49ff059fa7a6a40c44\UIX.RenderApi.ni.dll
+ 2009-07-07 17:56 . 2009-07-07 17:56 8265728 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2009-07-07 18:00 . 2009-07-07 18:00 5771264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1986560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 2342912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2009-07-07 17:57 . 2009-07-07 17:57 1667072 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1224704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1798144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2009-07-07 17:56 . 2009-07-07 17:56 7049216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 2756608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1183744 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1011712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 1740800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2009-07-07 19:28 . 2009-07-07 19:28 1695744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 3076096 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 2068480 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 5013504 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 5431296 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-07-07 17:48 . 2009-07-07 17:48 4444160 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-07-07 18:00 . 2009-07-07 18:00 13193216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2009-07-07 19:29 . 2009-07-07 19:29 12509184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2009-07-07 17:56 . 2009-07-07 17:57 10969088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2009-07-07 17:56 . 2009-07-07 17:56 11722752 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-16 1200128]
"Google Update"="c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-20 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-08 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-08 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-05-20 223744]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-12-25 6144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 07:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2004-08-04 12:00 30208 ----a-w- c:\windows\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\keyacc32.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\wisptis.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]
R2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;c:\brownsw\VPNCLN~1\INSTAL~1.EXE [12/25/2008 2:39 PM 217219]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 5:05 PM 87808]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [1/22/2007 2:09 PM 34736]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [12/30/2007 1:27 PM 99248]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [6/20/2009 8:38 AM 297472]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2/13/2009 8:07 PM 46108]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
S3 WacomISDPen;Wacom Penabled HID MiniDriver;c:\windows\system32\drivers\wacomisdpen.sys [7/14/2005 1:19 PM 23936]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [9/15/2006 11:44 AM 13568]
--- Other Services/Drivers In Memory ---
*Deregistered* - EraserUtilDrvI7
.
Contents of the 'Scheduled Tasks' folder
2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869Core.job
- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]
2009-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869UA.job
- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll
SafeBoot-ati5sbxx.sys
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC} = 202.149.208.92,202.149.208.11
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxssl.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - /touchworks/docworks/chworks/note/aicviewer3.cab
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.64.69.14.142.downloads.estara.com./as/OneCCDM.php?template=83205&sessionid=1053845106_72.221.65.205_60883&=&req=1228491227562OneCC.cab
DPF: {77C84519-8818-4E32-9540-653A9905C9F6} - hxxp://tw.bgpma.com/Touchworks/DictationController.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} - hxxp://emr.bgpma.com/IDXICW/IDXM/FlowcastLDAP.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} - hxxp://emr.bgpma.com/IDXICW/IDXM/icw.CAB
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://tw.bgpma.com/Touchworks/DictateBar.cab
DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxcsvr.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - /TouchWorks/docworks/chworks/note/aic_viewer2.cab
FF - ProfilePath - c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\
FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 21:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???pT??????(?@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(6964)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\tabbtnu.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-07-15 22:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 02:03
ComboFix2.txt 2009-07-07 00:38
Pre-Run: 32,220,848,128 bytes free
Post-Run: 32,234,414,080 bytes free
#7
Posted 15 July 2009 - 10:50 AM
Here is my new Malwarebytes log:
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2
7/14/2009 10:15:27 PM
mbam-log-2009-07-14 (22-15-27).txt
Scan type: Quick Scan
Objects scanned: 113520
Time elapsed: 5 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#8
Posted 15 July 2009 - 10:51 AM
And here is my ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=7.00.6000.16791 (vista_gdr.081217-1620)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=7ac72c70fa7822409a195eab816842dd
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-15 02:54:57
# local_time=2009-07-14 10:54:57 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3585 63 50 0 0
# scanned=54327
# found=3
# cleaned=0
# scan_time=1566
C:\Documents and Settings\All Users\Documents\Amazon Games & Software\FamilyFeudIISetup.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
C:\Program Files\Family Feud II\FamilyFeud.RWG probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\13B5E8A1.exe.vir probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
Thanks again for your generous help!
#9
Posted 16 July 2009 - 05:30 AM
How is the computer running now?
Are there still any signs of infection?
Please upload this file C:\Documents and Settings\All Users\Documents\Amazon Games & Software\FamilyFeudIISetup.exe to VirusTotal and post back the results.
Please delete this file: c:\windows\system32\_hjgruivxviuxym.dll_.vir
Please download and run these tools which are designed to restore some standard policy settings. They are not harmful.
- VArestorepolicies.INF
  - Download this INF repair file from here: VArestorepolicies.zip by MS-MVP Miekiemoes
  - Unzip or open the file VArestorepolicies.zip
  - Open the folder VArestorepolicies and Right-click the file inside, VArestorepolicies.INF and choose Install
- FixPolicies.exe
  - Download this self-extracting ZIP archive from here: FixPolicies.exe by MS-MVP Bill Castner and save it to your desktop.
  - Double-click FixPolicies.exe
  - Click the "Install" button on the bottom toolbar of the box that will open
  - The program will create a new Folder called FixPolicies
  - Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
  - A black box will briefly appear and then close
- These fixes may prove temporary. Active malware may revert these changes on your next startup. You can safely run these utilities again.
#11
Posted 17 July 2009 - 11:39 PM
#12
Posted 21 July 2009 - 01:55 AM
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.