ANTI virus programmes not downloading or updating

Free Antivirus Forum - Learn about antivirus, firewalls and personal security

BullGuard Antivirus Forum > Virus Removal > Removal Help > ANTI virus programmes not downloading or updating

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/18/2009 2:49 AM (GMT +3)

I have quick heal antivirus installed on my PC which is not updating. No other antivirus programme is getting installed either. Also i often get a windows prompt saying some dll file image is invalid. When i run yahoo messenger a programme runs and sends a link to all contacts on my friends list. At times the whole system shuts down and a blue screen appears with a message saying that its beginning physical memory dump. Please help. The following are the log files.

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:14 AM, on 12/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\QUICKH~2\QUICKH~1\opssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\QUICKH~2\QUICKH~1\EMLPROXY.EXE
C:\PROGRA~1\QUICKH~2\QUICKH~1\quhlpsvc.exe
C:\PROGRA~1\QUICKH~2\QUICKH~1\scanwscs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Huawei\MT841\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Billion\ADSL USB Modem\CnxDslTb.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\QUICKH~2\QUICKH~1\EMLPROUI.EXE
C:\PROGRA~1\QUICKH~2\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~2\QUICKH~1\OnlineNT.EXE
C:\PROGRA~1\QUICKH~2\QUICKH~1\SCANMSG.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Documents and Settings\Rohit\xoausuf.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sify.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT841\dslagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Billion\ADSL USB Modem\CnxDslTb.exe" "Billion\ADSL USB Modem"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~2\QUICKH~1\EMLPROUI.EXE
O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~2\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~2\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~2\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\QUICKH~2\QUICKH~1\sensor.exe /loadrun
O4 - HKLM\..\Run: [ResumeQuickupDownload] C:\PROGRA~1\QUICKH~2\QUICKH~1\acappaa.exe
O4 - HKLM\..\Run: [Quick Heal Monitor] C:\PROGRA~1\QUICKH~2\QUICKH~2\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Startup Scan] C:\PROGRA~1\QUICKH~2\QUICKH~1\sensor.exe /check
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [xoausuf] C:\Documents and Settings\Rohit\xoausuf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sify.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC932995-54C4-47DE-A831-A190379746C1}: NameServer = 202.54.10.9 202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{D906B516-D0B7-4A00-82E9-F82E69A966B2}: NameServer = 202.54.10.2,203.197.12.42
O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~2\QUICKH~2\acs.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~2\QUICKH~1\opssvc.exe
O23 - Service: Quick Heal Antivirus Plus Mail Protection - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~2\QUICKH~1\EMLPROXY.EXE
O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~2\QUICKH~1\quhlpsvc.exe
O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~2\QUICKH~1\scanwscs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Rohit/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7581 bytes
=====================================================

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/18/2009 2:52:24 AM
mbam-log-2009-12-18 (02-52-24).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 256265
Time elapsed: 2 hour(s), 48 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1EFCDQJ\nwxt.gif (Worm.Downadup) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\ndisvvan.sys (Rootkit.Agent) -> Delete on reboot.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\8F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Delete on reboot.
C:\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\All Users\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\All Users.WINNT\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\aministrator\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Default User.WINDOWS\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Default User.WINNT\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\LocalService\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\NetworkService\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Rohit\secupdat.dat (Worm.Autorun) -> Delete on reboot.
============================================================================
DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by Rohit at 4:03:06.53 on Fri 12/18/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.131 [GMT 5.5:30]

AV: Quick Heal 10.00 *On-access scanning enabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
FW: Quick Heal Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\QUICKH~2\QUICKH~1\opssvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\QUICKH~2\QUICKH~1\EMLPROXY.EXE
C:\PROGRA~1\QUICKH~2\QUICKH~1\quhlpsvc.exe
C:\PROGRA~1\QUICKH~2\QUICKH~1\scanwscs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Huawei\MT841\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Billion\ADSL USB Modem\CnxDslTb.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\QUICKH~2\QUICKH~1\EMLPROUI.EXE
C:\PROGRA~1\QUICKH~2\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~2\QUICKH~1\SCANMSG.EXE
C:\PROGRA~1\QUICKH~2\QUICKH~1\OnlineNT.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Documents and Settings\Rohit\xoausuf.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rohit\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sify.com
mDefault_Page_URL = hxxp://www.sify.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe
uWinlogon: Shell=explorer.exe "c:\documents and settings\rohit\seg.exe"
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [xoausuf] c:\documents and settings\rohit\xoausuf.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DSLAGENTEXE] c:\program files\huawei\mt841\dslagent.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CnxDslTaskBar] "c:\program files\billion\adsl usb modem\cnxdsltb.exe" "billion\ADSL USB Modem"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [ctfmon.exe] ctfmon.exe
mRun: [Email Protection] c:\progra~1\quickh~2\quickh~1\EMLPROUI.EXE
mRun: [Update Scheduler] c:\progra~1\quickh~2\quickh~1\UPSCHD.EXE /CHECK
mRun: [On-Line Protection] c:\progra~1\quickh~2\quickh~1\CATEYE.EXE
mRun: [Messenger] c:\progra~1\quickh~2\quickh~1\SCANMSG.EXE
mRun: [Startup Scan] c:\progra~1\quickh~2\quickh~1\sensor.exe /loadrun
mRun: [ResumeQuickupDownload] c:\progra~1\quickh~2\quickh~1\acappaa.exe
mRun: [Quick Heal Monitor] c:\progra~1\quickh~2\quickh~2\op_mon.exe /tray /noservice
mRunOnce: [Startup Scan] c:\progra~1\quickh~2\quickh~1\sensor.exe /check
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\metacafe.lnk - c:\documents and settings\rohit\desktop\desktop mis items\miscellaneous\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {0050A87F-CF26-41AE-9C0A-C32307C941CB}\//val
IE: {0050A87F-CF26-41AE-9C0A-C32307C941CB}\HotIcon
IE: {0050A87F-CF26-41AE-9C0A-C32307C941CB}\Icon
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0050A87F-CF26-41AE-9C0A-C32307C941CB} - {0050A87F-CF26-41AE-9C0A-C32307C941CB}
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {BC932995-54C4-47DE-A831-A190379746C1} = 202.54.10.9 202.54.29.5
TCP: {D906B516-D0B7-4A00-82E9-F82E69A966B2} = 202.54.10.2,203.197.12.42
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\documents and settings\rohit\desktop\virus protection\super antispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rohit\applic~1\mozilla\firefox\profiles\12tnn9er.default\
FF - plugin: c:\documents and settings\rohit\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 rmiybqql;rmiybqql;c:\windows\system32\drivers\rmiybqql.sys [2009-12-3 40128]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [2005-1-13 20480]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-12-16 673920]
R2 acssrv;Quick Heal Client Security Service;c:\progra~1\quickh~2\quickh~2\acs.exe [2009-12-16 1224704]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2009-12-16 65016]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2009-12-16 28656]
R2 Online Protection System;Online Protection System;c:\progra~1\quickh~2\quickh~1\opssvc.exe [2009-12-16 17272]
R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;c:\progra~1\quickh~2\quickh~1\EMLPROXY.EXE [2009-12-16 50552]
R2 Quick Update Service;Quick Update Service;c:\progra~1\quickh~2\quickh~1\quhlpsvc.exe [2009-12-16 58744]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-12-16 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-12-16 234640]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2008-10-21 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2008-10-21 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [2008-10-21 60416]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\rohit\desktop\virus protection\super antispyware\sasdifsv.sys --> c:\documents and settings\rohit\desktop\virus protection\super antispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\all users.windows\desktop\saskutil.sys --> c:\documents and settings\all users.windows\desktop\SASKUTIL.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-1-12 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]
S2 gwgtie;Boot System;c:\windows\system32\svchost.exe -k netsvcs [2005-1-12 14336]
S3 26300;26300;\??\c:\docume~1\rohit\locals~1\temp\10463463\26300.sys --> c:\docume~1\rohit\locals~1\temp\10463463\26300.sys [?]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\asushwio.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 kernelx86;Kernel Debug Service;c:\windows\system32\drivers\kernelx86.sys [2009-12-3 12136]
S3 musbehco;musbehco;\??\c:\docume~1\rohit\locals~1\temp\musbehco.sys --> c:\docume~1\rohit\locals~1\temp\musbehco.sys [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\all users.windows\desktop\sasenum.sys --> c:\documents and settings\all users.windows\desktop\SASENUM.SYS [?]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\drivers\GPLUS.sys [2005-9-25 283392]

=============== Created Last 30 ================

2009-12-17 17:21:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 17:21:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 17:21:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-16 07:45:54 49150 --sh--r- c:\documents and settings\rohit\xoausuf.exe
2009-12-15 19:27:15 234640 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-12-15 19:26:07 49 ----a-w- c:\windows\transp.gif
2009-12-15 19:26:06 673920 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-12-15 19:26:03 30864 ----a-w- c:\windows\system32\drivers\afw.sys
2009-12-15 19:25:30 0 d-----w- c:\docume~1\alluse~2.win\applic~1\Quick Heal
2009-12-15 19:23:35 28656 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2009-12-15 19:23:13 65016 ----a-w- c:\windows\system32\drivers\catflt.sys
2009-12-15 19:23:11 0 d-----w- c:\program files\Quick Heal
2009-12-15 19:21:20 76 ----a-w- c:\windows\QH32.INI
2009-12-11 17:46:01 20 ----a-w- c:\windows\PCSys.dll
2009-12-11 17:45:59 0 d-----w- c:\program files\Quick Heal PCTuner
2009-12-08 06:17:39 0 d-----w- c:\docume~1\rohit\applic~1\AVG8
2009-12-03 08:34:09 6144 ---ha-w- c:\documents and settings\rohit\seg.exe
2009-12-03 07:07:25 212994 ----a-w- c:\windows\system32\qxzv18.exe@
2009-12-03 06:50:46 237570 ----a-w- c:\windows\system32\qxzv47.exe@
2009-12-03 06:49:56 40128 ----a-w- c:\windows\system32\drivers\rmiybqql.sys
2009-12-03 06:48:48 237570 ----a-w- c:\windows\system32\qxzv85.exe@
2009-12-03 06:48:17 12136 ----a-w- c:\windows\system32\drivers\kernelx86.sys
2009-12-03 06:48:14 212994 --sh--r- c:\windows\system32\wmirpcd.exe
2009-12-02 17:18:24 508991 ----a-w- C:\QUAR.RPT
2009-12-02 11:18:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-02 11:18:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-02 08:51:54 0 ----a-w- c:\windows\sensor.INI
2009-12-02 08:51:22 0 ----a-w- c:\windows\hqstat.mtl
2009-12-02 08:51:22 0 ----a-w- c:\windows\hqstat.mnt

==================== Find3M ====================

2005-01-11 23:16:12 271 -csh--w- c:\program files\desktop.ini
2005-01-11 23:16:12 21952 -c-ha-w- c:\program files\folder.htt
2004-08-20 13:39:14 62865 -c--a-w- c:\windows\inf\im\odysseyIM3.sys
2004-08-20 13:39:14 45056 -c--a-w- c:\windows\inf\im\imdinst.exe
2004-08-20 13:39:14 12739 -c--a-w- c:\windows\inf\im\odNetInstall.dll
1998-08-24 06:39:10 10000 -c--a-w- c:\windows\inf\unregpn.exe
2006-07-05 10:55:01 167324 --sha-r- c:\windows\system32\kxbvcgv.dll

============= FINISH: 4:05:25.35 ===============

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/18/2009 3:03 AM (GMT +3)

My winzip is not working. I can email of post the DDS attach file here if required.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 12/18/2009 7:54 AM (GMT +3)

Hello rohitkhaitan and welcome smile

You have some suspicious files in the log, therefore ->

Please download Combofix from:

http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe

And save to the desktop.

Close all other browser windows.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Please read: Forum Rules

Click: Before-posting-a-log

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/18/2009 9:48 AM (GMT +3)

The virus it seems is not letting me download combofix. I am getting the same error message that i get when i try to download any antivirus. Thanks for your help. I have a lot of sensitive data on my pc which i cannot afford to loose.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 12/18/2009 9:59 AM (GMT +3)

Ok.

Please download http://swandog46.geekstogo.com/avenger2/download.php

by Swandog46 to your Desktop.

Click on Avenger.zip to open the file

Extract avenger2.exe to your desktop

Start Avenger

Begin copying here:
Folders to delete:
c:\documents and settings\rohit
Files to delete:
c:\windows\system32\qxzv18.exe@
c:\windows\system32\qxzv47.exe@
c:\windows\system32\drivers\rmiybqql.sys
c:\windows\system32\qxzv85.exe@
c:\windows\system32\drivers\kernelx86.sys
c:\windows\system32\kxbvcgv.dll

Copy/Paste all the text in the above codebox into the main window

Click Execute

The Avenger will automatically do the following:

It will Restart your computer.

On reboot, it will briefly open a black command window on your desktop, this is normal.

After the restart, it creates a log file that should open with the results of Avenger’s actions.

This log file will be located at C:\avenger.txt

Post C:\avenger.txt in next reply. If you can combofix now, please post that log as well.

Please read: Forum Rules

Click: Before-posting-a-log

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/18/2009 10:31 AM (GMT +3)

After repeated attempts i was successful in downloading and running combofix. While scanning it once said that it cannot find C:/ system 32 drivers. (something like that) and after the scan was finished the quick heal anti virus on my pc detected some NIRCMD.exe file and quarantined it. Meanwhile you have posted another reply. Should i do what u asked me to do in your last reply? I shall wait for your next reply before doing anything further. The following is the log of combofix

ComboFix 09-12-17.01 - Rohit 12/18/2009 12:27:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.177 [GMT 5.5:30]
Running from: c:\documents and settings\Rohit\My Documents\Downloads\KittyFix.exe
AV: Quick Heal 10.00 *On-access scanning disabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
FW: Quick Heal Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\11.tmp
C:\14.tmp
C:\19.tmp
C:\1B.tmp
C:\20.tmp
C:\22.tmp
C:\3.tmp
C:\49.tmp
C:\4C.tmp
C:\5.tmp
C:\5E.tmp
C:\62.tmp
C:\8.tmp
C:\84.tmp
C:\9.tmp
C:\A.tmp
C:\C.tmp
c:\documents and settings\Rohit\xoausuf.exe
C:\E.tmp
C:\Thumbs.db
c:\windows\PCSys.dll
c:\windows\system32\clrviddc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IMAPISERVICE
-------\Service_ImapiService

((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-17 17:21 . 2009-12-03 10:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 17:21 . 2009-12-03 10:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 17:21 . 2009-12-17 17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 19:27 . 2008-06-30 11:46 234640 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-12-15 19:26 . 2008-07-11 10:11 673920 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-12-15 19:26 . 2008-06-30 11:46 30864 ----a-w- c:\windows\system32\drivers\afw.sys
2009-12-15 19:25 . 2009-12-15 19:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Quick Heal
2009-12-15 19:23 . 2009-12-15 19:23 28656 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2009-12-15 19:23 . 2009-12-15 19:23 65016 ----a-w- c:\windows\system32\drivers\catflt.sys
2009-12-15 19:23 . 2009-12-15 19:25 -------- d-----w- c:\program files\Quick Heal
2009-12-11 17:45 . 2009-12-11 17:46 -------- d-----w- c:\program files\Quick Heal PCTuner
2009-12-08 06:17 . 2009-12-08 06:17 -------- d-----w- c:\documents and settings\Rohit\Application Data\AVG8
2009-12-05 21:47 . 2009-12-05 21:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-12-03 08:34 . 2009-12-03 08:34 6144 ---ha-w- c:\documents and settings\Rohit\seg.exe
2009-12-03 06:49 . 2009-12-03 06:49 40128 ----a-w- c:\windows\system32\drivers\rmiybqql.sys
2009-12-03 06:48 . 2009-12-03 06:48 6144 ---ha-w- c:\documents and settings\NetworkService\tjvquhv.exe
2009-12-03 06:48 . 2009-12-17 17:01 12136 ----a-w- c:\windows\system32\drivers\kernelx86.sys
2009-12-03 06:48 . 2009-12-03 06:48 212994 --sh--r- c:\windows\system32\wmirpcd.exe
2009-12-02 11:18 . 2009-12-17 23:10 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 23:10 . 2006-07-28 17:57 -------- d-----w- c:\program files\Java
2009-12-17 23:09 . 2009-12-17 23:09 152576 ----a-w- c:\documents and settings\Rohit\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-17 23:03 . 2009-12-17 23:03 79488 ----a-w- c:\documents and settings\Rohit\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-17 22:38 . 2009-07-15 07:46 -------- d-----w- c:\program files\Fake Webcam
2009-12-16 08:36 . 2009-09-15 13:19 -------- d-----w- c:\documents and settings\Rohit\Application Data\vlc
2009-12-05 22:06 . 2006-02-01 15:41 -------- d-----w- c:\program files\Google
2009-12-02 09:04 . 2007-01-11 17:49 -------- d-----w- c:\program files\FlashGet
2009-11-02 23:25 . 2006-11-01 14:23 -------- d-----w- c:\documents and settings\Rohit\Application Data\Metacafe
2009-11-02 23:25 . 2006-11-01 14:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Metacafe
2009-10-04 16:21 . 2006-03-17 06:19 18864 -c--a-w- c:\documents and settings\Rohit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-04 14:09 . 2009-10-04 14:09 95232 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-04 14:09 . 2009-10-04 14:09 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-04 14:09 . 2009-10-04 14:09 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-04 14:09 . 2009-10-04 14:09 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-04 14:08 . 2009-10-04 14:10 33773208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
2009-10-04 13:16 . 2009-07-26 14:53 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-04 13:16 . 2009-07-26 14:53 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-04 13:16 . 2009-07-26 14:53 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2005-01-11 23:16 . 2002-01-01 02:40 21952 -c-ha-w- c:\program files\folder.htt
2006-07-05 10:55 . 2005-01-11 23:25 167324 --sha-r- c:\windows\system32\kxbvcgv.dll
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2005-05-25 . 228B0385BBFCA24332FA22DB45A8B684 . 339968 . . [5.1.2600.1693] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tcpip.sys
[7] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893066_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Billion\ADSL USB Modem\CnxDslTb.exe Billion\ADSL USB Modem" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-08-02 86016]
"DSLAGENTEXE"="c:\program files\Huawei\MT841\dslagent.exe" [2004-08-25 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-23 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Email Protection"="c:\progra~1\QUICKH~2\QUICKH~1\EMLPROUI.EXE" [2009-12-15 267640]
"Update Scheduler"="c:\progra~1\QUICKH~2\QUICKH~1\UPSCHD.EXE" [2009-12-15 95608]
"On-Line Protection"="c:\progra~1\QUICKH~2\QUICKH~1\CATEYE.EXE" [2009-12-15 206200]
"Startup Scan"="c:\progra~1\QUICKH~2\QUICKH~1\sensor.exe" [2009-12-15 144760]
"ResumeQuickupDownload"="c:\progra~1\QUICKH~2\QUICKH~1\acappaa.exe" [2009-12-15 95608]
"Quick Heal Monitor"="c:\progra~1\QUICKH~2\QUICKH~2\op_mon.exe" [2008-07-31 1941504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Startup Scan"="c:\progra~1\QUICKH~2\QUICKH~1\sensor.exe" [2009-12-15 144760]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rmiybqql.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^D-Link AirPlus G+ Wireless Adapter Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\D-Link AirPlus G+ Wireless Adapter Utility.lnk
backup=c:\windows\pss\D-Link AirPlus G+ Wireless Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rohit^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\Rohit\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rohit^Start Menu^Programs^Startup^salesdesk.lnk]
path=c:\documents and settings\Rohit\Start Menu\Programs\Startup\salesdesk.lnk
backup=c:\windows\pss\salesdesk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-07 11:25 267064 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 13:20 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rediff Messenger]
2006-04-11 06:56 3041456 ----a-w- c:\program files\Rediff Bol\RediffMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Huawei\\MT841\\dslagent.exe"=
"c:\\Program Files\\Rediff Bol\\RediffMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Rediff Bol\\AppWorkingDir\\Client\\Video\\Talk&See.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wmirpcd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1584:TCP"= 1584:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"1329:TCP"= 1329:TCP:Akamai NetSession Interface
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"2876:TCP"= 2876:TCP:Akamai NetSession Interface
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"1530:TCP"= 1530:TCP:Akamai NetSession Interface
"1933:TCP"= 1933:TCP:Akamai NetSession Interface
"4404:TCP"= 4404:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
"4309:TCP"= 4309:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1299:TCP"= 1299:TCP:Akamai NetSession Interface
"3419:TCP"= 3419:TCP:Akamai NetSession Interface
"3774:TCP"= 3774:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"2157:TCP"= 2157:TCP:Akamai NetSession Interface
"2546:TCP"= 2546:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"2304:TCP"= 2304:TCP:Akamai NetSession Interface
"1236:TCP"= 1236:TCP:Akamai NetSession Interface
"1843:TCP"= 1843:TCP:Akamai NetSession Interface
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"2658:TCP"= 2658:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1463:TCP"= 1463:TCP:Akamai NetSession Interface
"2031:TCP"= 2031:TCP:Akamai NetSession Interface
"1393:TCP"= 1393:TCP:Akamai NetSession Interface
"4592:TCP"= 4592:TCP:Akamai NetSession Interface
"2784:TCP"= 2784:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"2035:TCP"= 2035:TCP:Akamai NetSession Interface
"1338:TCP"= 1338:TCP:Akamai NetSession Interface
"3060:TCP"= 3060:TCP:Akamai NetSession Interface
"3137:TCP"= 3137:TCP:Akamai NetSession Interface
"1172:TCP"= 1172:TCP:Akamai NetSession Interface
"4821:TCP"= 4821:TCP:Akamai NetSession Interface
"4394:TCP"= 4394:TCP:Akamai NetSession Interface
"2354:TCP"= 2354:TCP:Akamai NetSession Interface
"1765:TCP"= 1765:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"1206:TCP"= 1206:TCP:Akamai NetSession Interface
"1296:TCP"= 1296:TCP:Akamai NetSession Interface
"2421:TCP"= 2421:TCP:Akamai NetSession Interface
"2433:TCP"= 2433:TCP:Akamai NetSession Interface
"2736:TCP"= 2736:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"1150:TCP"= 1150:TCP:Akamai NetSession Interface
"1353:TCP"= 1353:TCP:Akamai NetSession Interface
"1401:TCP"= 1401:TCP:Akamai NetSession Interface
"1797:TCP"= 1797:TCP:Akamai NetSession Interface
"1807:TCP"= 1807:TCP:Akamai NetSession Interface
"2480:TCP"= 2480:TCP:Akamai NetSession Interface
"3636:TCP"= 3636:TCP:Akamai NetSession Interface
"3669:TCP"= 3669:TCP:Akamai NetSession Interface
"3796:TCP"= 3796:TCP:Akamai NetSession Interface
"1071:TCP"= 1071:TCP:Akamai NetSession Interface
"1446:TCP"= 1446:TCP:Akamai NetSession Interface
"1622:TCP"= 1622:TCP:Akamai NetSession Interface
"1126:TCP"= 1126:TCP:Akamai NetSession Interface
"3806:TCP"= 3806:TCP:Akamai NetSession Interface
"2066:TCP"= 2066:TCP:Akamai NetSession Interface
"1695:TCP"= 1695:TCP:Akamai NetSession Interface
"3432:TCP"= 3432:TCP:Akamai NetSession Interface
"1920:TCP"= 1920:TCP:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"1263:TCP"= 1263:TCP:Akamai NetSession Interface
"1532:TCP"= 1532:TCP:Akamai NetSession Interface
"3491:TCP"= 3491:TCP:Akamai NetSession Interface
"3504:TCP"= 3504:TCP:Akamai NetSession Interface
"3517:TCP"= 3517:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1114:TCP"= 1114:TCP:Akamai NetSession Interface
"2333:TCP"= 2333:TCP:Akamai NetSession Interface
"2446:TCP"= 2446:TCP:Akamai NetSession Interface
"2459:TCP"= 2459:TCP:Akamai NetSession Interface
"2781:TCP"= 2781:TCP:Akamai NetSession Interface
"3202:TCP"= 3202:TCP:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"2114:TCP"= 2114:TCP:Akamai NetSession Interface
"4294:TCP"= 4294:TCP:Akamai NetSession Interface
"4305:TCP"= 4305:TCP:Akamai NetSession Interface
"4336:TCP"= 4336:TCP:Akamai NetSession Interface
"4367:TCP"= 4367:TCP:Akamai NetSession Interface
"4403:TCP"= 4403:TCP:Akamai NetSession Interface
"1345:TCP"= 1345:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"1286:TCP"= 1286:TCP:Akamai NetSession Interface
"1141:TCP"= 1141:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1323:TCP"= 1323:TCP:Akamai NetSession Interface
"1339:TCP"= 1339:TCP:Akamai NetSession Interface
"2046:TCP"= 2046:TCP:Akamai NetSession Interface
"2061:TCP"= 2061:TCP:Akamai NetSession Interface
"2618:TCP"= 2618:TCP:Akamai NetSession Interface
"2773:TCP"= 2773:TCP:Akamai NetSession Interface
"3351:TCP"= 3351:TCP:Akamai NetSession Interface
"3027:TCP"= 3027:TCP:Akamai NetSession Interface
"3189:TCP"= 3189:TCP:Akamai NetSession Interface
"3204:TCP"= 3204:TCP:Akamai NetSession Interface
"3225:TCP"= 3225:TCP:Akamai NetSession Interface
"1416:TCP"= 1416:TCP:Akamai NetSession Interface
"1427:TCP"= 1427:TCP:Akamai NetSession Interface
"1989:TCP"= 1989:TCP:Akamai NetSession Interface
"4729:TCP"= 4729:TCP:Akamai NetSession Interface
"1365:TCP"= 1365:TCP:Akamai NetSession Interface
"1697:TCP"= 1697:TCP:Akamai NetSession Interface
"1711:TCP"= 1711:TCP:Akamai NetSession Interface
"1727:TCP"= 1727:TCP:Akamai NetSession Interface
"2041:TCP"= 2041:TCP:Akamai NetSession Interface
"2053:TCP"= 2053:TCP:Akamai NetSession Interface
"2064:TCP"= 2064:TCP:Akamai NetSession Interface
"2077:TCP"= 2077:TCP:Akamai NetSession Interface
"2088:TCP"= 2088:TCP:Akamai NetSession Interface
"2098:TCP"= 2098:TCP:Akamai NetSession Interface
"2123:TCP"= 2123:TCP:Akamai NetSession Interface
"2133:TCP"= 2133:TCP:Akamai NetSession Interface
"2143:TCP"= 2143:TCP:Akamai NetSession Interface
"2167:TCP"= 2167:TCP:Akamai NetSession Interface
"2184:TCP"= 2184:TCP:Akamai NetSession Interface
"2195:TCP"= 2195:TCP:Akamai NetSession Interface
"2212:TCP"= 2212:TCP:Akamai NetSession Interface
"2222:TCP"= 2222:TCP:Akamai NetSession Interface
"2245:TCP"= 2245:TCP:Akamai NetSession Interface
"2318:TCP"= 2318:TCP:Akamai NetSession Interface
"2329:TCP"= 2329:TCP:Akamai NetSession Interface
"2342:TCP"= 2342:TCP:Akamai NetSession Interface
"2355:TCP"= 2355:TCP:Akamai NetSession Interface
"2366:TCP"= 2366:TCP:Akamai NetSession Interface
"2377:TCP"= 2377:TCP:Akamai NetSession Interface
"1817:TCP"= 1817:TCP:Akamai NetSession Interface
"1827:TCP"= 1827:TCP:Akamai NetSession Interface
"1845:TCP"= 1845:TCP:Akamai NetSession Interface
"1856:TCP"= 1856:TCP:Akamai NetSession Interface
"1866:TCP"= 1866:TCP:Akamai NetSession Interface
"1878:TCP"= 1878:TCP:Akamai NetSession Interface
"1431:TCP"= 1431:TCP:Akamai NetSession Interface
"1636:TCP"= 1636:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"2835:TCP"= 2835:TCP:Akamai NetSession Interface
"2890:TCP"= 2890:TCP:Akamai NetSession Interface
"2838:TCP"= 2838:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1501:TCP"= 1501:TCP:Akamai NetSession Interface
"1607:TCP"= 1607:TCP:Akamai NetSession Interface
"1647:TCP"= 1647:TCP:Akamai NetSession Interface
"1214:TCP"= 1214:TCP:Akamai NetSession Interface
"3472:TCP"= 3472:TCP:Akamai NetSession Interface
"3535:TCP"= 3535:TCP:Akamai NetSession Interface
"3576:TCP"= 3576:TCP:Akamai NetSession Interface
"3671:TCP"= 3671:TCP:Akamai NetSession Interface
"3741:TCP"= 3741:TCP:Akamai NetSession Interface
"3801:TCP"= 3801:TCP:Akamai NetSession Interface
"3953:TCP"= 3953:TCP:Akamai NetSession Interface
"4466:TCP"= 4466:TCP:Akamai NetSession Interface
"2043:TCP"= 2043:TCP:Akamai NetSession Interface
"2102:TCP"= 2102:TCP:Akamai NetSession Interface
"2623:TCP"= 2623:TCP:Akamai NetSession Interface
"3012:TCP"= 3012:TCP:Akamai NetSession Interface
"2923:TCP"= 2923:TCP:Akamai NetSession Interface
"3111:TCP"= 3111:TCP:Akamai NetSession Interface
"1678:TCP"= 1678:TCP:Akamai NetSession Interface
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"3547:TCP"= 3547:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"2023:TCP"= 2023:TCP:Akamai NetSession Interface
"1360:TCP"= 1360:TCP:Akamai NetSession Interface
"3864:TCP"= 3864:TCP:Akamai NetSession Interface
"1461:TCP"= 1461:TCP:Akamai NetSession Interface
"4599:TCP"= 4599:TCP:Akamai NetSession Interface
"2052:TCP"= 2052:TCP:Akamai NetSession Interface
"1083:TCP"= 1083:TCP:Akamai NetSession Interface
"1096:TCP"= 1096:TCP:Akamai NetSession Interface
"2038:TCP"= 2038:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"1383:TCP"= 1383:TCP:Akamai NetSession Interface
"3464:TCP"= 3464:TCP:Akamai NetSession Interface
"1747:TCP"= 1747:TCP:Akamai NetSession Interface
"2586:TCP"= 2586:TCP:Akamai NetSession Interface
"4422:TCP"= 4422:TCP:Akamai NetSession Interface
"3829:TCP"= 3829:TCP:Akamai NetSession Interface
"4624:TCP"= 4624:TCP:Akamai NetSession Interface
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"1316:TCP"= 1316:TCP:Akamai NetSession Interface
"1757:TCP"= 1757:TCP:Akamai NetSession Interface
"2409:TCP"= 2409:TCP:Akamai NetSession Interface
"2588:TCP"= 2588:TCP:Akamai NetSession Interface
"2649:TCP"= 2649:TCP:Akamai NetSession Interface
"1503:TCP"= 1503:TCP:Akamai NetSession Interface
"2107:TCP"= 2107:TCP:Akamai NetSession Interface
"2953:TCP"= 2953:TCP:Akamai NetSession Interface
"1613:TCP"= 1613:TCP:Akamai NetSession Interface
"1905:TCP"= 1905:TCP:Akamai NetSession Interface
"2385:TCP"= 2385:TCP:Akamai NetSession Interface
"3287:TCP"= 3287:TCP:Akamai NetSession Interface
"3820:TCP"= 3820:TCP:Akamai NetSession Interface
"2656:TCP"= 2656:TCP:Akamai NetSession Interface
"1445:TCP"= 1445:TCP:Akamai NetSession Interface
"3320:TCP"= 3320:TCP:Akamai NetSession Interface
"4269:TCP"= 4269:TCP:Akamai NetSession Interface
"1382:TCP"= 1382:TCP:Akamai NetSession Interface
"2475:TCP"= 2475:TCP:Akamai NetSession Interface
"1522:TCP"= 1522:TCP:Akamai NetSession Interface
"2138:TCP"= 2138:TCP:Akamai NetSession Interface
"2858:TCP"= 2858:TCP:Akamai NetSession Interface
"1689:TCP"= 1689:TCP:Akamai NetSession Interface
"2435:TCP"= 2435:TCP:Akamai NetSession Interface
"2639:TCP"= 2639:TCP:Akamai NetSession Interface
"3505:TCP"= 3505:TCP:Akamai NetSession Interface
"1402:TCP"= 1402:TCP:Akamai NetSession Interface
"1424:TCP"= 1424:TCP:Akamai NetSession Interface
"2134:TCP"= 2134:TCP:Akamai NetSession Interface
"2442:TCP"= 2442:TCP:Akamai NetSession Interface
"1108:TCP"= 1108:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1220:TCP"= 1220:TCP:Akamai NetSession Interface
"1682:TCP"= 1682:TCP:Akamai NetSession Interface
"1534:TCP"= 1534:TCP:Akamai NetSession Interface
"1568:TCP"= 1568:TCP:Akamai NetSession Interface
"1459:TCP"= 1459:TCP:Akamai NetSession Interface
"1582:TCP"= 1582:TCP:Akamai NetSession Interface
"1884:TCP"= 1884:TCP:Akamai NetSession Interface
"3158:TCP"= 3158:TCP:Akamai NetSession Interface
"3285:TCP"= 3285:TCP:Akamai NetSession Interface
"3549:TCP"= 3549:TCP:Akamai NetSession Interface
"1326:TCP"= 1326:TCP:Akamai NetSession Interface
"1231:TCP"= 1231:TCP:Akamai NetSession Interface
"1614:TCP"= 1614:TCP:Akamai NetSession Interface
"1073:TCP"= 1073:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1617:TCP"= 1617:TCP:Akamai NetSession Interface
"2650:TCP"= 2650:TCP:Akamai NetSession Interface
"2776:TCP"= 2776:TCP:Akamai NetSession Interface
"2895:TCP"= 2895:TCP:Akamai NetSession Interface
"3019:TCP"= 3019:TCP:Akamai NetSession Interface
"3293:TCP"= 3293:TCP:Akamai NetSession Interface
"3334:TCP"= 3334:TCP:Akamai NetSession Interface
"3377:TCP"= 3377:TCP:Akamai NetSession Interface
"3595:TCP"= 3595:TCP:Akamai NetSession Interface
"1066:TCP"= 1066:TCP:Akamai NetSession Interface
"1702:TCP"= 1702:TCP:Akamai NetSession Interface
"1805:TCP"= 1805:TCP:Akamai NetSession Interface
"1957:TCP"= 1957:TCP:Akamai NetSession Interface
"2282:TCP"= 2282:TCP:Akamai NetSession Interface
"2525:TCP"= 2525:TCP:Akamai NetSession Interface
"1243:TCP"= 1243:TCP:Akamai NetSession Interface
"1318:TCP"= 1318:TCP:Akamai NetSession Interface
"1347:TCP"= 1347:TCP:Akamai NetSession Interface
"1368:TCP"= 1368:TCP:Akamai NetSession Interface
"1395:TCP"= 1395:TCP:Akamai NetSession Interface
"1407:TCP"= 1407:TCP:Akamai NetSession Interface
"1468:TCP"= 1468:TCP:Akamai NetSession Interface
"1551:TCP"= 1551:TCP:Akamai NetSession Interface
"1737:TCP"= 1737:TCP:Akamai NetSession Interface
"1836:TCP"= 1836:TCP:Akamai NetSession Interface
"1899:TCP"= 1899:TCP:Akamai NetSession Interface
"1521:TCP"= 1521:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1366:TCP"= 1366:TCP:Akamai NetSession Interface
"1396:TCP"= 1396:TCP:Akamai NetSession Interface
"1772:TCP"= 1772:TCP:Akamai NetSession Interface
"1305:TCP"= 1305:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"2735:TCP"= 2735:TCP:Akamai NetSession Interface
"2324:TCP"= 2324:TCP:Akamai NetSession Interface
"1408:TCP"= 1408:TCP:Akamai NetSession Interface
"1751:TCP"= 1751:TCP:Akamai NetSession Interface
"2137:TCP"= 2137:TCP:Akamai NetSession Interface
"3885:TCP"= 3885:TCP:Akamai NetSession Interface
"2724:TCP"= 2724:TCP:Akamai NetSession Interface
"3180:TCP"= 3180:TCP:Akamai NetSession Interface
"4952:TCP"= 4952:TCP:Akamai NetSession Interface
"1106:TCP"= 1106:TCP:Akamai NetSession Interface
"3966:TCP"= 3966:TCP:Akamai NetSession Interface
"7025:TCP"= 7025:TCP:oeidwz

R0 rmiybqql;rmiybqql;c:\windows\system32\drivers\rmiybqql.sys [12/3/2009 12:19 PM 40128]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [1/13/2005 8:44 AM 20480]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/16/2009 12:56 AM 673920]
R2 acssrv;Quick Heal Client Security Service;c:\progra~1\QUICKH~2\QUICKH~2\acs.exe [12/16/2009 12:55 AM 1224704]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [12/16/2009 12:53 AM 65016]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [12/16/2009 12:53 AM 28656]
R2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~2\QUICKH~1\opssvc.exe [12/16/2009 12:53 AM 17272]
R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;c:\progra~1\QUICKH~2\QUICKH~1\EMLPROXY.EXE [12/16/2009 12:53 AM 50552]
R2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~2\QUICKH~1\quhlpsvc.exe [12/16/2009 12:53 AM 58744]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/16/2009 12:56 AM 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/16/2009 12:57 AM 234640]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [10/21/2008 2:30 PM 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [10/21/2008 2:30 PM 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [10/21/2008 2:30 PM 60416]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Rohit\Desktop\virus protection\super antispyware\SASDIFSV.SYS --> c:\documents and settings\Rohit\Desktop\virus protection\super antispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\All Users.WINDOWS\Desktop\SASKUTIL.sys --> c:\documents and settings\All Users.WINDOWS\Desktop\SASKUTIL.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/12/2005 4:56 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 4:08 PM 133104]
S2 gwgtie;Boot System;c:\windows\system32\svchost.exe -k netsvcs [1/12/2005 4:56 AM 14336]
S3 26300;26300;\??\c:\docume~1\Rohit\LOCALS~1\Temp\10463463\26300.sys --> c:\docume~1\Rohit\LOCALS~1\Temp\10463463\26300.sys [?]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\System32\drivers\ASUSHWIO.sys --> c:\windows\System32\drivers\ASUSHWIO.sys [?]
S3 kernelx86;Kernel Debug Service;c:\windows\system32\drivers\kernelx86.sys [12/3/2009 12:18 PM 12136]
S3 musbehco;musbehco;\??\c:\docume~1\Rohit\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\Rohit\LOCALS~1\Temp\musbehco.sys [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\All Users.WINDOWS\Desktop\SASENUM.SYS --> c:\documents and settings\All Users.WINDOWS\Desktop\SASENUM.SYS [?]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\drivers\GPLUS.sys [9/25/2005 3:49 PM 283392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gwgtie
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sify.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {D906B516-D0B7-4A00-82E9-F82E69A966B2} = 202.54.10.2,203.197.12.42
FF - ProfilePath - c:\documents and settings\Rohit\Application Data\Mozilla\Firefox\Profiles\12tnn9er.default\
FF - plugin: c:\documents and settings\Rohit\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-xoausuf - c:\documents and settings\Rohit\xoausuf.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\documents and settings\Rohit\Desktop\virus protection\super antispyware\SASSEH.DLL
MSConfigStartUp-SUPERAntiSpyware - c:\documents and settings\Rohit\Desktop\virus protection\super antispyware\SUPERAntiSpyware.exe
AddRemove-KVUninstall - c:\windows\\register c:\windows\uninst16.exe
AddRemove-RealAudio Player 4.0 - c:\windows\RAUNINST.exe Software\Progressive Networks\RealAudio Player\4.0
AddRemove-Time Stopper2.00 - c:\windows\Time Stopper\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-18 12:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gwgtie]
"ServiceDll"="c:\windows\system32\kxbvcgv.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3509A1A3-B52A-B6F6-4F2F-526700056BCB}]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
@="Class"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3509A1A3-B52A-B6F6-4F2F-526700056BCB}\Data\MD]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"Data04"=dword:00003482
"Data05"=dword:00000000
"Data0C"=dword:00000708
"Data0E"=dword:00000258
"Data0F"=dword:00000384
"Data10"=dword:00000000
"Data11"=dword:00000000
"Data12"=dword:00000000
"Data13"=dword:00000014
"Data14"=dword:00000258
"Data15"=dword:00002a30
"Data16"=dword:00000258
"Data0D"=dword:00000708
"Data17"=dword:00000000
"Data18"=dword:00000000
"Data19"=dword:00000000
"Data1A"=dword:00000000
"Data21"=dword:00000000
"Data22"=dword:00000001
"Data23"=dword:00000005
"Data24"=dword:00000000
"Data27"=dword:00000004
"Data28"=dword:00000004
"Data29"=dword:00000004
"Data2A"=dword:00000004
"Data00"=dword:00000000
"Data01"=dword:00000000
"Data02"=dword:00003482
"Data09"=dword:00000000
"Data80"="($\14ÿ˜\1f\0fG ¢‡tñÝÄÁì\12\0eû."
"Data85"="XTD¯iN>åÞÆ²4Ü\02ýl\1e"
"Data86"="HD³ŸY>®ÛÈÅ(\1d\06ñdaSü¡‹="
"Data87"="8³£I®žÂ·.\1d\06ñgd@ü¡‹="
"Data82"="\08\04Ò`\1aþn–‚{îãÇ}\"\1e\0c½fR\0d?¦ž"
"Data83"="÷ÒdP\0an^–†öÅ» \"\07ùh]\0d=£¢MuáœÎ¶."
"Data84"="ÆdT@y^N†òÒÑ´6Ü\02ýl\1eVBlž†~"
"Data88"="§£“¹žŽÂ+\1e\16ú-RN<m¥ŠwìÙŒ¾&\1e"
"Data89"="—“ƒï©Ž~2\1b\0e\06k\1dB>«]•zçÜÉ|.\16\0e"
"Data8A"="‡ƒóß™~í&\0býv\1dM4²]•z°œÎ¶."
"Data8B"="wóãÏ‰íÝ\01\02sdB:lœƒ‚ÐÑ|.\16\0e"
"Data8C"="çãÓ¿øÝÍ\06rRQ4µ\\}ëÁ½+\1b\0dû-bC;™~â›Íµ-"
"Data8D"="×ÓÃ/èÍ½rW@1§¢L|ãâÁ&Û\0eõn"
"Data8E"="´\0aüíåM"
"Data8F"="·3#\0fÈ.\1eAB²£y¬ÜÃÂì!\0a»nVN"
"Data91"="\17\13\03o)\0eý¥‘Š}òÖŒ±-\1bÌóe\1cN6"
"Data92"="\07\03s_\19ým¥Š}õœÌ³2Ü\01ük[M<l•†{ñÌÇÀê\1d\05ü"
"Data1B"=dword:00000000
"Data1D"=dword:00000000
"Data25"=dword:00000000
"Data1C"=dword:00000000
"Data1E"=dword:00000000
"Data26"=dword:00000001
"Data2B"=dword:00000000
"Data2C"=dword:00000000
"Data2D"=dword:00000000
"Data2E"=dword:00000000
"Data20"=dword:000618fc
"Data0A"=dword:00003482
"Data0B"=dword:00000000
"Data90"="8\10\07ýn\10\0b:¦ˆ:â×Ñ±3!\11¹qSVGi”‰|ßÎÉ¶7\0e\11õl[\09"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\oyopu.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Microsoft\jfkrs]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"{3509A1A3-B52A-B6F6-4F2F-526700056BCB}"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\pjaou]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1876)
c:\windows\system32\msi.dll
c:\windows\System32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\progra~1\QUICKH~2\QUICKH~1\scanwscs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Billion\ADSL USB Modem\CnxDslTb.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\progra~1\QUICKH~2\QUICKH~1\OnlineNT.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-12-18 12:52:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 07:22
ComboFix2.txt 2009-05-01 10:29

Pre-Run: 51,313,903,616 bytes free
Post-Run: 51,210,230,784 bytes free

- - End Of File - - 5D3BEDB8A6C614BBAE88718D150C9202

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/18/2009 1:05 PM (GMT +3)

The following is the avenger log. All the data on my pc appears to have gone.[:(] Can it be recovered?

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\documents and settings\rohit" deleted successfully.
File "c:\windows\system32\qxzv18.exe@" deleted successfully.
File "c:\windows\system32\qxzv47.exe@" deleted successfully.
File "c:\windows\system32\drivers\rmiybqql.sys" deleted successfully.
File "c:\windows\system32\qxzv85.exe@" deleted successfully.
File "c:\windows\system32\drivers\kernelx86.sys" deleted successfully.
File "c:\windows\system32\kxbvcgv.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 12/19/2009 8:46 AM (GMT +3)

All the data on my pc appears to have gone

My bad. I´m very sorry blush

Try a systemrestore, and see if it get your data back ?

Please read: Forum Rules

Click: Before-posting-a-log

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/20/2009 10:18 AM (GMT +3)

Ok. I got most of my data back. It was stored in a folder called avenger in my C drive. (You were helping me so u dont have to be sorry). Pls help me fix the virus.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 12/20/2009 1:05 PM (GMT +3)

I got most of my data back

Good

Download these two tools:

http://www.ctrlaltdel.dk/programmer/tklog.zip

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

... and unzip both in to your desktop. Then double click on TKLog.bat. TDSSKiller will run and try to clean your computer. Following this will open up a log - Please copy the contents here, along with new combofix log

Please read: Forum Rules

Click: Before-posting-a-log

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/20/2009 5:41 PM (GMT +3)

The following are the logs of combofix and tdskiller respectively.

ComboFix 09-12-19.03 - Rohit 12/20/2009 19:53:10.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.209 [GMT 5.5:30]
Running from: c:\documents and settings\Rohit\My Documents\Downloads\KittyFix.exe
AV: Quick Heal 10.00 *On-access scanning disabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
FW: Quick Heal Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-20 14:06 . 2009-12-20 14:06 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\WinZip
2009-12-20 07:50 . 2009-12-20 07:57 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Temp
2009-12-18 18:08 . 2009-12-18 18:08 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Yahoo
2009-12-18 10:26 . 2009-12-18 17:53 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Google
2009-12-18 10:07 . 2009-12-18 10:07 -------- d-----w- c:\documents and settings\Rohit\Application Data\PC Suite
2009-12-18 10:00 . 2009-12-18 10:00 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Mozilla
2009-12-18 09:48 . 2009-12-18 09:48 574 ----a-w- C:\cleanup.bat
2009-12-18 09:48 . 2009-12-18 09:48 135168 ----a-w- C:\zip.exe
2009-12-18 08:27 . 2009-12-18 08:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-12-17 17:21 . 2009-12-03 10:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 17:21 . 2009-12-03 10:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 17:21 . 2009-12-17 17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 19:27 . 2008-06-30 11:46 234640 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-12-15 19:26 . 2008-07-11 10:11 673920 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-12-15 19:26 . 2008-06-30 11:46 30864 ----a-w- c:\windows\system32\drivers\afw.sys
2009-12-15 19:25 . 2009-12-15 19:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Quick Heal
2009-12-15 19:23 . 2009-12-15 19:23 28656 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2009-12-15 19:23 . 2009-12-15 19:23 65016 ----a-w- c:\windows\system32\drivers\catflt.sys
2009-12-15 19:23 . 2009-12-15 19:25 -------- d-----w- c:\program files\Quick Heal
2009-12-11 17:45 . 2009-12-11 17:46 -------- d-----w- c:\program files\Quick Heal PCTuner
2009-12-05 21:47 . 2009-12-05 21:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-12-03 06:48 . 2009-12-03 06:48 6144 ---ha-w- c:\documents and settings\NetworkService\tjvquhv.exe
2009-12-03 06:48 . 2009-12-03 06:48 212994 --sh--r- c:\windows\system32\wmirpcd.exe
2009-12-02 11:18 . 2009-12-17 23:10 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 08:01 . 2006-02-01 15:41 -------- d-----w- c:\program files\Google
2009-12-17 23:10 . 2006-07-28 17:57 -------- d-----w- c:\program files\Java
2009-12-17 22:38 . 2009-07-15 07:46 -------- d-----w- c:\program files\Fake Webcam
2009-12-02 09:04 . 2007-01-11 17:49 -------- d-----w- c:\program files\FlashGet
2009-11-02 23:25 . 2006-11-01 14:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Metacafe
2009-10-04 14:09 . 2009-10-04 14:09 95232 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-04 14:09 . 2009-10-04 14:09 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-04 14:09 . 2009-10-04 14:09 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-04 14:09 . 2009-10-04 14:09 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-04 14:08 . 2009-10-04 14:10 33773208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
2009-10-04 13:16 . 2009-07-26 14:53 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-04 13:16 . 2009-07-26 14:53 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-04 13:16 . 2009-07-26 14:53 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2005-01-11 23:16 . 2002-01-01 02:40 21952 -c-ha-w- c:\program files\folder.htt
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2005-05-25 . 228B0385BBFCA24332FA22DB45A8B684 . 339968 . . [5.1.2600.1693] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tcpip.sys
[7] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893066_0$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-01_10.22.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-20 13:24 . 2009-12-20 13:24 16384 c:\windows\Temp\Perflib_Perfdata_340.dat
+ 2006-09-28 13:26 . 2008-01-18 19:07 55296 c:\windows\system32\WudfSvc.dll
+ 2006-09-28 14:43 . 2008-01-18 19:07 87552 c:\windows\system32\WUDFCoinstaller.dll
+ 2008-07-29 15:40 . 2008-07-29 15:40 26112 c:\windows\system32\TsWpfWrp.exe
+ 2005-09-28 03:06 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2009-10-04 15:37 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2009-10-04 14:20 . 2008-03-21 08:27 14640 c:\windows\system32\spmsgXP_2k3.dll
+ 2008-03-31 15:45 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2009-06-27 10:10 . 2006-11-27 15:50 49152 c:\windows\system32\RegistrationLib193.dll
- 1998-08-11 09:48 . 1998-08-11 09:48 80384 c:\windows\system32\rarv1032.dll
+ 1998-08-11 09:48 . 2009-07-26 11:52 80384 c:\windows\system32\rarv1032.dll
+ 2009-07-26 11:52 . 2009-07-26 11:52 61440 c:\windows\system32\RAOCX32.dll
+ 1998-08-11 09:48 . 2009-07-26 11:52 37888 c:\windows\system32\ra32sipr.dll
- 1998-08-11 09:48 . 1998-08-11 09:48 37888 c:\windows\system32\ra32sipr.dll
- 1998-08-11 09:48 . 1998-08-11 09:48 16896 c:\windows\system32\ra32rv10.dll
+ 1998-08-11 09:48 . 2009-07-26 11:52 16896 c:\windows\system32\ra32rv10.dll
+ 1998-08-11 09:48 . 2009-07-26 11:52 18944 c:\windows\system32\ra32dnet.dll
- 1998-08-11 09:48 . 1998-08-11 09:48 18944 c:\windows\system32\ra32dnet.dll
+ 1998-08-11 09:48 . 2009-07-26 11:52 72192 c:\windows\system32\ra32clv1.dll
- 1998-08-11 09:48 . 1998-08-11 09:48 72192 c:\windows\system32\ra32clv1.dll
- 1998-08-11 09:48 . 1998-08-11 09:48 72704 c:\windows\system32\ra3228_8.dll
+ 1998-08-11 09:48 . 2009-07-26 11:52 72704 c:\windows\system32\ra3228_8.dll
- 1998-08-11 09:48 . 1998-08-11 09:48 81920 c:\windows\system32\RA3214_4.dll
+ 1998-08-11 09:48 . 2009-07-26 11:52 81920 c:\windows\system32\RA3214_4.dll
+ 2008-07-29 14:29 . 2008-07-29 14:29 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2005-01-11 23:26 . 2009-07-23 09:33 68526 c:\windows\system32\perfc009.dat
+ 2009-07-26 14:56 . 2009-02-09 03:07 91136 c:\windows\system32\nmwcdcls.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 41984 c:\windows\system32\netfxperf.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 83968 c:\windows\system32\mscories.dll
+ 2009-05-11 20:30 . 2009-05-11 20:30 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-07-29 13:54 . 2008-07-29 13:54 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 13:54 . 2008-07-29 13:54 11264 c:\windows\system32\icardres.dll
+ 2008-07-29 15:40 . 2008-07-29 15:40 73720 c:\windows\system32\dxva2.dll
+ 2009-10-04 14:12 . 2008-08-26 04:56 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2009-10-04 14:11 . 2009-02-09 03:07 22016 c:\windows\system32\DRVSTORE\ccdcmbo_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\ccdcmbo.sys
+ 2009-10-04 14:11 . 2009-02-09 03:07 91136 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdcls.dll
+ 2009-10-04 14:11 . 2009-02-09 03:07 17664 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\ccdcmb.sys
+ 2006-09-28 13:30 . 2008-01-18 17:23 83328 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 13:25 . 2008-01-18 17:22 77696 c:\windows\system32\drivers\WudfPf.sys
+ 2006-11-02 01:52 . 2008-03-27 10:57 35040 c:\windows\system32\drivers\wdfldr.sys
+ 2009-10-04 14:12 . 2008-08-26 04:56 18816 c:\windows\system32\drivers\pccsmcfd.sys
+ 2009-10-04 14:11 . 2009-02-09 03:07 22016 c:\windows\system32\drivers\ccdcmbo.sys
+ 2009-10-04 14:11 . 2009-02-09 03:07 17664 c:\windows\system32\drivers\ccdcmb.sys
+ 2005-01-12 03:33 . 2004-08-04 06:08 26496 c:\windows\system32\dllcache\usbstor.sys
+ 2005-01-11 23:26 . 2004-08-04 07:56 98304 c:\windows\system32\dllcache\slbiop.dll
+ 2005-01-11 23:26 . 2004-08-04 07:56 69632 c:\windows\system32\dllcache\scarddlg.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
+ 2005-01-11 23:25 . 2004-08-04 07:56 21504 c:\windows\system32\dllcache\feclient.dll
+ 2005-01-12 16:25 . 2004-08-04 07:56 28672 c:\windows\system32\dllcache\dfsshlex.dll
+ 2005-01-12 16:25 . 2004-08-04 07:56 74752 c:\windows\system32\dllcache\cryptdlg.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 96760 c:\windows\system32\dfshim.dll
+ 1998-08-11 09:48 . 2009-07-26 11:52 61952 c:\windows\system32\decdnet.dll
- 1998-08-11 09:48 . 1998-08-11 09:48 61952 c:\windows\system32\decdnet.dll
+ 2009-07-26 11:52 . 2009-07-26 11:52 76800 c:\windows\RAUNINST.exe
+ 2008-07-29 18:10 . 2008-07-29 18:10 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-29 18:10 . 2008-07-29 18:10 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-29 18:10 . 2008-07-29 18:10 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-29 18:10 . 2008-07-29 18:10 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 18:10 . 2008-07-29 18:10 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 18:10 . 2008-07-29 18:10 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 18:10 . 2008-07-29 18:10 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 18:10 . 2008-07-29 18:10 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 18:10 . 2008-07-29 18:10 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 15:40 . 2008-07-29 15:40 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 14:29 . 2008-07-29 14:29 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 15:40 . 2008-07-29 15:40 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 14:02 . 2008-07-29 14:02 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 13:46 . 2008-07-29 13:46 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 13:46 . 2008-07-29 13:46 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 13:46 . 2008-07-29 13:46 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 13:46 . 2008-07-29 13:46 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 05:47 . 2008-07-25 05:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 05:46 . 2008-07-25 05:46 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 05:46 . 2008-07-25 05:46 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 33792 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 05:46 . 2008-07-25 05:46 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 05:46 . 2008-07-25 05:46 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 05:46 . 2008-07-25 05:46 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 05:46 . 2008-07-25 05:46 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 05:46 . 2008-07-25 05:46 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14352 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14344 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14376 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14352 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14384 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14344 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14344 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14344 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14904 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14360 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14336 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 14352 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-09-01 16:09 . 2008-09-01 16:09 68096 c:\windows\Installer\5c39a.msi
+ 2006-01-22 20:35 . 2006-01-22 20:35 81920 c:\windows\Installer\588768.msi
+ 2008-07-30 04:07 . 2008-07-30 04:07 23040 c:\windows\Installer\4a4146.msp
+ 2009-10-04 15:35 . 2009-10-04 15:35 88576 c:\windows\Installer\426af4.msi
+ 2009-11-03 09:45 . 2009-11-03 09:45 22528 c:\windows\Installer\330134.msi
+ 2009-12-11 17:46 . 2009-12-11 17:46 86358 c:\windows\Installer\{EB1756FF-6646-412A-A1A8-3F3CAF42BA29}\_EA8701B6D078E907B8960C.exe
+ 2009-12-18 08:31 . 2009-12-18 08:31 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F6617.exe
+ 2009-12-20 08:02 . 2009-12-20 08:02 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-20 08:02 . 2009-12-20 08:02 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-20 08:02 . 2009-12-20 08:02 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-20 08:02 . 2009-12-20 08:02 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-20 08:02 . 2009-12-20 08:02 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-20 08:02 . 2009-12-20 08:02 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-20 08:02 . 2009-12-20 08:02 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ARPPRODUCTICON.exe
+ 2009-12-05 22:09 . 2009-12-05 22:09 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-10-04 15:42 . 2009-10-04 15:42 10134 c:\windows\Installer\{6EB6C056-02BB-453E-8448-EC90B9794180}\ARPPRODUCTICON.exe
+ 2009-10-04 14:15 . 2009-10-04 14:15 15086 c:\windows\Installer\{3D39E775-DDDA-4327-B747-0BDC5F191331}\ARPPRODUCTICON.exe
+ 2009-07-25 10:55 . 2009-07-25 10:55 25214 c:\windows\Installer\{3A05B900-A3E7-11DE-A9B7-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-10-04 14:12 . 2009-10-04 14:12 10134 c:\windows\Installer\{0C973594-7DDF-4BD0-84ED-3517F7622037}\ARPPRODUCTICON.exe
+ 2009-10-04 15:37 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-10-04 15:48 . 2009-10-04 15:48 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f5c0e1b77c840d99a68897898317b79\UIAutomationProvider.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b5a285233229bb4f9d9831ebf27fe9ac\System.Windows.Presentation.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e2a7113434da494a846a8f4e4ac5e9\System.Web.DynamicData.Design.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a8e047504bdad9ec14efd483574b0dd5\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f2b48eab657b4ef1d19dac11bdf0c913\System.AddIn.Contract.ni.dll
+ 2009-10-04 15:44 . 2009-10-04 15:44 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9469981a17c01dd154c540127e678b35\PresentationFontCache.ni.exe
+ 2009-10-04 15:43 . 2009-10-04 15:43 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\487c1bc20f6e73e8e79503898d17d102\PresentationCFFRasterizer.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\28ea74096df47800fe2c78bb2b9a4f2a\Microsoft.Vsa.ni.dll
+ 2009-10-04 16:37 . 2009-10-04 16:37 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
+ 2009-10-04 16:37 . 2009-10-04 16:37 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2009-10-04 16:37 . 2009-10-04 16:37 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-10-04 15:41 . 2009-10-04 15:41 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-04 15:41 . 2009-10-04 15:41 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-10-04 15:41 . 2009-10-04 15:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-10-04 15:38 . 2009-10-04 15:38 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-04 14:21 . 2006-09-15 18:00 55296 c:\windows\$NtUninstallWudf01007$\wudfsvc.dll
+ 2009-10-04 14:21 . 2006-09-15 17:00 82688 c:\windows\$NtUninstallWudf01007$\wudfrd.sys
+ 2009-10-04 14:21 . 2006-09-15 16:59 76544 c:\windows\$NtUninstallWudf01007$\wudfpf.sys
+ 2009-10-04 14:21 . 2006-09-15 18:00 87040 c:\windows\$NtUninstallWudf01007$\wudfcoinstaller.dll
+ 2009-10-04 14:21 . 2008-01-18 17:23 72704 c:\windows\$NtUninstallWudf01007$\spuninst\WudfCustom.dll
+ 2009-10-04 13:25 . 2006-09-28 13:26 55808 c:\windows\$NtUninstallWudf01005$\wudfsvc.dll
+ 2009-10-04 13:25 . 2006-09-28 13:30 82944 c:\windows\$NtUninstallWudf01005$\wudfrd.sys
+ 2009-10-04 13:25 . 2006-09-28 13:25 77568 c:\windows\$NtUninstallWudf01005$\wudfpf.sys
+ 2009-10-04 13:25 . 2006-09-28 14:43 95344 c:\windows\$NtUninstallWudf01005$\wudfcoinstaller.dll
+ 2009-10-04 13:25 . 2006-09-15 17:00 70656 c:\windows\$NtUninstallWudf01005$\spuninst\WudfCustom.dll
+ 2009-10-04 14:19 . 2006-11-02 01:52 32224 c:\windows\$NtUninstallWdf01007$\wdfldr.sys
+ 2009-10-04 13:23 . 2006-11-02 01:52 51680 c:\windows\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-07-23 12:12 . 2009-07-23 18:57 2048 c:\windows\system32\Tr_sttool.dat
+ 2009-10-04 14:11 . 2009-03-19 09:18 8320 c:\windows\system32\DRVSTORE\nmwcdnsuc_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdnsuc.sys
+ 2009-10-04 14:11 . 2009-02-09 03:07 7808 c:\windows\system32\DRVSTORE\ccdcmbm_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\usbser_lowerflt.sys
+ 2009-10-04 14:11 . 2009-02-09 03:07 7808 c:\windows\system32\DRVSTORE\ccdcmbcj_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\usbser_lowerfltj.sys
+ 2009-10-04 14:11 . 2009-02-09 03:07 7808 c:\windows\system32\drivers\usbser_lowerfltj.sys
+ 2009-10-04 14:11 . 2009-02-09 03:07 7808 c:\windows\system32\drivers\usbser_lowerflt.sys
+ 2008-07-29 18:10 . 2008-07-29 18:10 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 05:46 . 2008-07-25 05:46 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-10-04 14:11 . 2009-10-04 14:11 3262 c:\windows\Installer\{52D02A2B-03D2-4E34-A358-DC5D951FD296}\ARPPRODUCTICON.exe
+ 2009-10-04 15:40 . 2009-10-04 15:40 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-04 15:35 . 2009-10-04 15:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-06 20:49 . 2007-11-06 20:49 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-06 20:49 . 2007-11-06 20:49 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 15:53 . 2007-11-06 15:53 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2009-07-19 12:12 . 2008-12-04 16:16 180224 c:\windows\system32\xvidvfw.dll
+ 2008-07-29 15:56 . 2008-07-29 15:56 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2009-10-04 15:37 . 2008-07-06 12:06 575488 c:\windows\system32\xpsshhdr.dll
+ 2006-09-28 13:26 . 2008-01-18 19:07 305152 c:\windows\system32\WUDFx.dll
+ 2006-09-28 13:26 . 2008-01-18 17:22 163840 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 13:26 . 2008-01-18 19:03 142336 c:\windows\system32\WudfHost.exe
+ 2006-10-24 07:00 . 2006-10-24 07:00 276992 c:\windows\system32\WMPhoto.dll
+ 2006-10-24 06:59 . 2006-10-24 06:59 352256 c:\windows\system32\WindowsCodecsExt.dll
+ 2006-10-24 07:00 . 2006-10-24 07:00 716288 c:\windows\system32\WindowsCodecs.dll
+ 2008-07-29 14:29 . 2008-07-29 14:29 161296 c:\windows\system32\UIAutomationCore.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2009-10-04 15:37 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2008-09-01 16:07 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2008-09-01 16:07 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2008-09-01 16:07 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 10:45 . 2006-08-24 10:45 150808 c:\windows\system32\rgb9rast_2.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 117760 c:\windows\system32\prntvpt.dll
+ 2008-07-29 14:29 . 2008-07-29 14:29 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 14:29 . 2008-07-29 14:29 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2009-07-26 11:52 . 2009-07-26 11:52 464896 c:\windows\system32\pnui3240.dll
+ 2009-07-26 11:52 . 2009-07-26 11:52 279552 c:\windows\system32\pnen3240.dll
+ 2006-10-24 07:00 . 2006-10-24 07:00 412160 c:\windows\system32\photometadatahandler.dll
+ 2005-01-11 23:26 . 2009-07-23 09:33 434972 c:\windows\system32\perfh009.dat
+ 2009-10-04 14:11 . 2009-02-09 03:07 659968 c:\windows\system32\nmwcdcocls.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 158720 c:\windows\system32\mscorier.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 282112 c:\windows\system32\mscoree.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-12-17 23:10 . 2009-12-17 23:10 149280 c:\windows\system32\javaws.exe
+ 2009-12-17 23:10 . 2009-12-17 23:10 145184 c:\windows\system32\javaw.exe
+ 2009-12-17 23:10 . 2009-12-17 23:10 145184 c:\windows\system32\java.exe
+ 2008-07-29 13:54 . 2008-07-29 13:54 622080 c:\windows\system32\icardagt.exe
+ 2005-01-11 23:34 . 2009-10-04 15:59 118952 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-29 15:40 . 2008-07-29 15:40 493048 c:\windows\system32\evr.dll
+ 2009-10-04 14:12 . 2009-05-11 08:00 547840 c:\windows\system32\DRVSTORE\pccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBF\PCCSWpdDriver.dll
+ 2009-10-04 14:11 . 2009-03-19 09:18 136704 c:\windows\system32\DRVSTORE\nmwcdnsu_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdnsu.sys
+ 2009-10-04 14:11 . 2009-02-09 03:07 659968 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdcocls.dll
+ 2006-11-02 01:52 . 2008-03-27 10:57 503008 c:\windows\system32\drivers\wdf01000.sys
+ 2009-05-11 08:00 . 2009-05-11 08:00 547840 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 575488 c:\windows\system32\dllcache\xpsshhdr.dll
+ 2005-01-11 23:26 . 2004-08-04 07:56 433664 c:\windows\system32\dllcache\wiaacmgr.exe
+ 2005-01-11 23:26 . 2004-08-04 07:56 275456 c:\windows\system32\dllcache\ulib.dll
+ 2005-01-12 16:52 . 2004-08-04 07:56 679936 c:\windows\system32\dllcache\sstext3d.scr
+ 2005-01-11 23:26 . 2004-08-04 05:31 306176 c:\windows\system32\dllcache\slbcsp.dll
+ 2005-01-12 16:49 . 2004-08-04 07:56 171008 c:\windows\system32\dllcache\sccsccp.dll
+ 2005-01-12 16:49 . 2002-08-29 05:27 169984 c:\windows\system32\dllcache\sccbase.dll
+ 2005-01-12 16:48 . 2004-08-04 07:56 146432 c:\windows\system32\dllcache\regedit.exe
+ 2009-10-04 15:37 . 2008-07-06 10:50 597504 c:\windows\system32\dllcache\printfilterpipelinesvc.exe
+ 2002-08-28 22:11 . 2004-08-03 19:26 423936 c:\windows\system32\dllcache\licdll.dll
+ 2005-01-11 23:25 . 2004-08-04 07:56 147456 c:\windows\system32\dllcache\initpki.dll
+ 2005-01-11 23:25 . 2004-08-04 06:14 143360 c:\windows\system32\dllcache\fastfat.sys
+ 2005-01-12 16:25 . 2004-08-04 07:56 181760 c:\windows\system32\dllcache\dinput8.dll
+ 2009-05-02 20:03 . 2009-05-02 20:02 388608 c:\windows\system32\CF13082.exe
+ 2009-07-23 12:12 . 2009-07-23 12:12 192512 c:\windows\system32\bsrmgps.dll
+ 2009-07-23 12:12 . 2009-07-23 12:12 692224 c:\windows\system32\bsrmgcv.dll
+ 2009-07-23 12:11 . 2009-07-23 12:11 147456 c:\windows\system32\bsratwmv.dll
+ 2009-07-23 12:11 . 2009-07-23 12:11 585728 c:\windows\system32\bsratswf.dll
+ 2008-07-29 18:10 . 2008-07-29 18:10 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-29 18:10 . 2008-07-29 18:10 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 13:17 . 2008-07-29 13:17 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 13:17 . 2008-07-29 13:17 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-29 17:45 . 2008-07-29 17:45 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-29 18:10 . 2008-07-29 18:10 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-29 18:10 . 2008-07-29 18:10 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-29 14:29 . 2008-07-29 14:29 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-29 15:40 . 2008-07-29 15:40 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-29 13:46 . 2008-07-29 13:46 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 13:46 . 2008-07-29 13:46 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 13:46 . 2008-07-29 13:46 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 13:46 . 2008-07-29 13:46 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 13:46 . 2008-07-29 13:46 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 13:46 . 2008-07-29 13:46 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 13:46 . 2008-07-29 13:46 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 13:54 . 2008-07-29 13:54 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 13:46 . 2008-07-29 13:46 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-07-25 05:46 . 2008-07-25 05:46 438272 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 367104 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 998408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 05:46 . 2008-07-25 05:46 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2009-07-26 14:54 . 2009-07-26 14:54 163840 c:\windows\Installer\c625d.msi
+ 2008-01-31 14:12 . 2008-01-31 14:12 331264 c:\windows\Installer\ab110b.msi
+ 2009-12-11 17:46 . 2009-12-11 17:46 393216 c:\windows\Installer\9a1b5.msi
+ 2006-03-16 14:56 . 2006-03-16 14:56 864768 c:\windows\Installer\8e0ffe.msi
+ 2008-09-01 16:12 . 2008-09-01 16:12 472576 c:\windows\Installer\5c42b.msi
+ 2008-09-01 16:12 . 2008-09-01 16:12 913920 c:\windows\Installer\5c424.msi
+ 2008-09-01 16:10 . 2008-09-01 16:10 514560 c:\windows\Installer\5c3ca.msi
+ 2008-09-01 16:10 . 2008-09-01 16:10 425472 c:\windows\Installer\5c3c0.msi
+ 2009-02-13 15:00 . 2009-02-13 15:00 252416 c:\windows\Installer\55dd7.msi
+ 2009-02-13 15:00 . 2009-02-13 15:00 239616 c:\windows\Installer\55dd1.msi
+ 2009-02-13 15:00 . 2009-02-13 15:00 325120 c:\windows\Installer\55dcc.msi
+ 2009-02-13 15:00 . 2009-02-13 15:00 676352 c:\windows\Installer\55dc6.msi
+ 2009-02-13 14:57 . 2009-02-13 14:57 312320 c:\windows\Installer\55dc1.msi
+ 2009-02-13 14:57 . 2009-02-13 14:57 491008 c:\windows\Installer\55dbc.msi
+ 2009-02-13 14:56 . 2009-02-13 14:56 898560 c:\windows\Installer\55db7.msi
+ 2009-02-13 14:56 . 2009-02-13 14:56 586240 c:\windows\Installer\55dac.msi
+ 2009-02-13 14:56 . 2009-02-13 14:56 121344 c:\windows\Installer\55da4.msi
+ 2009-02-13 14:56 . 2009-02-13 14:56 426496 c:\windows\Installer\55d9f.msi
+ 2009-02-13 14:56 . 2009-02-13 14:56 452608 c:\windows\Installer\55d98.msi
+ 2009-02-13 14:56 . 2009-02-13 14:56 600576 c:\windows\Installer\55d8f.msi
+ 2009-02-13 14:55 . 2009-02-13 14:55 532480 c:\windows\Installer\55d88.msi
+ 2009-02-13 14:55 . 2009-02-13 14:55 646656 c:\windows\Installer\55d82.msi
+ 2009-02-13 14:55 . 2009-02-13 14:55 121344 c:\windows\Installer\55d71.msi
+ 2009-02-13 14:55 . 2009-02-13 14:55 628736 c:\windows\Installer\55d6c.msi
+ 2009-02-13 14:55 . 2009-02-13 14:55 526336 c:\windows\Installer\55d61.msi
+ 2009-02-13 14:55 . 2009-02-13 14:55 121344 c:\windows\Installer\55d5c.msi
+ 2009-02-13 14:55 . 2009-02-13 14:55 306688 c:\windows\Installer\55d57.msi
+ 2009-02-13 14:54 . 2009-02-13 14:54 811520 c:\windows\Installer\55d52.msi
+ 2009-02-13 14:54 . 2009-02-13 14:54 326144 c:\windows\Installer\55d4d.msi
+ 2009-02-13 14:54 . 2009-02-13 14:54 500736 c:\windows\Installer\55d48.msi
+ 2009-02-13 14:54 . 2009-02-13 14:54 391168 c:\windows\Installer\55d43.msi
+ 2009-02-13 14:54 . 2009-02-13 14:54 592384 c:\windows\Installer\55d3e.msi
+ 2009-10-04 15:41 . 2009-10-04 15:41 648192 c:\windows\Installer\4c9201.msi
+ 2008-07-30 04:23 . 2008-07-30 04:23 250880 c:\windows\Installer\4a414f.msp
+ 2008-07-30 04:28 . 2008-07-30 04:28 278016 c:\windows\Installer\4a414d.msp
+ 2008-07-30 02:40 . 2008-07-30 02:40 291840 c:\windows\Installer\4a414b.msp
+ 2009-10-04 15:39 . 2009-10-04 15:39 137728 c:\windows\Installer\4a4145.msi
+ 2008-07-30 00:35 . 2008-07-30 00:35 553472 c:\windows\Installer\426af9.msp
+ 2008-07-30 00:33 . 2008-07-30 00:33 506368 c:\windows\Installer\426af7.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 911360 c:\windows\Installer\426af6.msp
+ 2009-10-04 14:15 . 2009-10-04 14:15 850432 c:\windows\Installer\2d0579.msi
+ 2009-10-04 14:12 . 2009-10-04 14:12 549888 c:\windows\Installer\2d04e2.msi
+ 2009-10-04 14:11 . 2009-10-04 14:11 331264 c:\windows\Installer\2d04ad.msi
+ 2005-01-11 18:24 . 2005-01-11 18:24 264704 c:\windows\Installer\2803c.msi
+ 2009-12-17 23:10 . 2009-12-17 23:10 537600 c:\windows\Installer\133773.msi
+ 2009-12-18 08:31 . 2009-12-18 08:31 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F66110.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2006-10-06 07:49 . 2009-12-18 09:58 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2006-10-06 07:49 . 2006-10-06 07:49 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-10-04 15:37 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2007-09-17 13:50 . 2005-04-03 20:37 982016 c:\windows\Downloaded Installations\{78F4DFCE-1336-4027-BCB2-1A00C24A8653}\ISScript11.Msi
+ 2009-10-04 16:37 . 2009-10-04 16:37 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
+ 2009-10-04 15:48 . 2009-10-04 15:48 239616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a18dff8832712a0f6cccaaefbcc45861\WindowsFormsIntegration.ni.dll
+ 2009-10-04 15:48 . 2009-10-04 15:48 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\dbb2fcd246efaf3df823410597cd1677\UIAutomationTypes.ni.dll
+ 2009-10-04 15:48 . 2009-10-04 15:48 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d255ab525d10d8fefe5df9ba092b2df8\UIAutomationClient.ni.dll
+ 2009-10-04 16:42 . 2009-10-04 16:42 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\18e1acd6761195389db42bab83169fd2\System.Web.Routing.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 858112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f288f2cb75465c0f45154079365af9e8\System.Web.Extensions.Design.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bbdc5cb2f2f92fd610de7331d748193a\System.Web.Entity.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ca1ce755bb49324c7d275c426188a28f\System.Web.Entity.Design.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 542720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aff5e0fa23e49ee75e458408c1f66da2\System.Web.DynamicData.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\fbe60d84b9f1ab74e396fb1507f69615\System.Web.Abstractions.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01dc643b54310ebc5ab7e4696df426bc\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 620032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\eabe1915c13467e1e66e2b073bcb842f\System.Net.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1db9deebde7c96b2874b4ffccac2f48e\System.Management.Instrumentation.ni.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\bcfccfa22245d2223a764611c61a7cb9\System.IO.Log.ni.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\be8c7482f1e78a3b4984af9082d455a7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
+ 2009-10-04 15:47 . 2009-10-04 15:47 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\5f5d64dd0e7991aaaad2d98ee52afe42\System.Drawing.Design.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c205bbbb88bfa4bd5e274f43ea0013cb\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44de75caba2b9711b3d9030a30767f8b\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 939520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d3aed340a6562196ca40978556fb29d1\System.Data.Services.Client.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3cb9c5203e50cb6af99b163522e9357c\System.Data.Services.Design.ni.dll
+ 2009-10-04 16:39 . 2009-10-04 16:39 755200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\9867484f25281882e61f61066fa651a3\System.Data.Entity.Design.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll
+ 2009-10-04 16:37 . 2009-10-04 16:37 970752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 140800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 632832 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b01721205312c6c18df033cc47b60e5c\System.AddIn.ni.dll
+ 2009-10-04 16:37 . 2009-10-04 16:37 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe
+ 2009-10-04 16:37 . 2009-10-04 16:37 255488 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
+ 2009-10-04 16:37 . 2009-10-04 16:37 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe
+ 2009-10-04 15:45 . 2009-10-04 15:45 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ef1a93d10c3a91b728745dbfcc79c2c7\PresentationFramework.Classic.ni.dll
+ 2009-10-04 15:45 . 2009-10-04 15:45 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b4dc4bd8534d90fbb7430926ad990cd9\PresentationFramework.Luna.ni.dll
+ 2009-10-04 15:45 . 2009-10-04 15:45 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e71fd0d299c5668c96a54e4a63479fa\PresentationFramework.Aero.ni.dll
+ 2009-10-04 15:45 . 2009-10-04 15:45 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\79c2fd29b1e46c943960278051b4e1b9\PresentationFramework.Royale.ni.dll
+ 2009-10-04 16:37 . 2009-10-04 16:37 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
+ 2009-10-04 16:37 . 2009-10-04 16:37 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\539e297cc9bc67fbf2fbdc9dc5fcd0f1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 838656 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
+ 2009-10-04 16:37 . 2009-10-04 16:37 409600 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe
+ 2009-10-04 16:37 . 2009-10-04 16:37 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-04 15:41 . 2009-10-04 15:41 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-10-04 15:41 . 2009-10-04 15:41 225280 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-10-04 15:35 . 2009-10-04 15:35 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-10-04 15:35 . 2009-10-04 15:35 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-10-04 15:35 . 2009-10-04 15:35 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-10-04 15:35 . 2009-10-04 15:35 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-10-04 14:21 . 2006-09-15 18:00 308224 c:\windows\$NtUninstallWudf01007$\wudfx.dll
+ 2009-10-04 14:21 . 2006-09-15 16:59 163840 c:\windows\$NtUninstallWudf01007$\wudfplatform.dll
+ 2009-10-04 14:21 . 2006-09-15 18:00 142848 c:\windows\$NtUninstallWudf01007$\wudfhost.exe
+ 2009-10-04 14:21 . 2008-03-21 08:27 379184 c:\windows\$NtUninstallWudf01007$\spuninst\updspapi.dll
+ 2009-10-04 14:21 . 2008-03-21 08:27 221488 c:\windows\$NtUninstallWudf01007$\spuninst\spuninst.exe
+ 2009-10-04 13:25 . 2006-09-28 13:26 316416 c:\windows\$NtUninstallWudf01005$\wudfx.dll
+ 2009-10-04 13:25 . 2006-09-28 13:26 165376 c:\windows\$NtUninstallWudf01005$\wudfplatform.dll
+ 2009-10-04 13:25 . 2006-09-28 13:26 146432 c:\windows\$NtUninstallWudf01005$\wudfhost.exe
+ 2009-10-04 13:25 . 2006-09-15 21:32 379184 c:\windows\$NtUninstallWudf01005$\spuninst\updspapi.dll
+ 2009-10-04 13:25 . 2006-09-15 21:32 221488 c:\windows\$NtUninstallWudf01005$\spuninst\spuninst.exe
+ 2009-10-04 15:29 . 2006-10-16 10:40 379184 c:\windows\$NtUninstallWIC$\spuninst\updspapi.dll
+ 2009-10-04 15:29 . 2006-10-16 10:40 221488 c:\windows\$NtUninstallWIC$\spuninst\spuninst.exe
+ 2009-10-04 14:19 . 2006-11-02 01:52 492000 c:\windows\$NtUninstallWdf01007$\wdf01000.sys
+ 2009-10-04 14:19 . 2008-03-21 08:27 379184 c:\windows\$NtUninstallWdf01007$\spuninst\updspapi.dll
+ 2009-10-04 14:19 . 2008-03-21 08:27 221488 c:\windows\$NtUninstallWdf01007$\spuninst\spuninst.exe
+ 2009-10-04 13:23 . 2006-10-08 16:21 379184 c:\windows\$NtUninstallWdf01005$\spuninst\updspapi.dll
+ 2009-10-04 13:23 . 2006-10-08 16:21 221488 c:\windows\$NtUninstallWdf01005$\spuninst\spuninst.exe
+ 2009-10-04 15:36 . 2008-07-06 12:06 1676288 c:\windows\system32\xpssvcs.dll
+ 2009-05-11 07:17 . 2009-05-11 07:17 1302600 c:\windows\system32\WUDFUpdate_01007.dll
+ 2005-01-12 16:54 . 2004-07-17 18:35 1326080 c:\windows\system32\webfldrs.msi
+ 2009-10-04 14:11 . 2009-02-09 03:02 1112288 c:\windows\system32\wdfcoinstaller01007.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2009-10-04 15:37 . 2008-07-06 12:06 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2009-10-04 15:36 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-10-04 14:12 . 2009-05-11 07:17 1302600 c:\windows\system32\DRVSTORE\pccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBF\WUDFUpdate_01007.dll
+ 2009-10-04 14:11 . 2009-02-09 03:02 1112288 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\wdfcoinstaller01007.dll
+ 2009-10-04 15:36 . 2008-07-06 12:06 1676288 c:\windows\system32\dllcache\xpssvcs.dll
+ 2005-01-12 19:13 . 2004-08-04 07:56 1179648 c:\windows\system32\dllcache\d3d8.dll
+ 2005-01-12 16:54 . 2004-07-17 18:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-07-29 18:10 . 2008-07-29 18:10 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 13:17 . 2008-07-29 13:17 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 13:17 . 2008-07-29 13:17 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-29 18:10 . 2008-07-29 18:10 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-07-29 14:29 . 2008-07-29 14:29 1738760 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-29 15:40 . 2008-07-29 15:40 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-29 15:40 . 2008-07-29 15:40 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-07-29 13:46 . 2008-07-29 13:46 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-07-25 05:47 . 2008-07-25 05:47 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 5238784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 5815296 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-07-25 05:47 . 2008-07-25 05:47 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 05:46 . 2008-07-25 05:46 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2008-12-01 11:38 . 2008-12-01 11:38 3258368 c:\windows\Installer\defe4.msi
+ 2007-09-17 16:26 . 2007-09-17 16:26 3197952 c:\windows\Installer\cd6b14.msi
+ 2007-09-17 16:25 . 2007-09-17 16:25 7958016 c:\windows\Installer\cd6a90.msi
+ 2006-10-06 07:49 . 2006-10-06 07:49 3485184 c:\windows\Installer\65c62.msi
+ 2006-06-20 05:37 . 2006-06-20 05:37 9136128 c:\windows\Installer\554aa8.msp
+ 2006-06-26 06:47 . 2006-06-26 06:47 2658304 c:\windows\Installer\554a9f.msp
+ 2009-10-04 15:42 . 2009-10-04 15:42 4982784 c:\windows\Installer\4c9218.msi
+ 2008-07-30 02:26 . 2008-07-30 02:26 1043456 c:\windows\Installer\4a414e.msp
+ 2008-07-30 03:37 . 2008-07-30 03:37 2679808 c:\windows\Installer\4a414c.msp
+ 2008-07-30 04:15 . 2008-07-30 04:15 3697664 c:\windows\Installer\4a414a.msp
+ 2008-07-30 02:34 . 2008-07-30 02:34 1448448 c:\windows\Installer\4a4149.msp
+ 2008-07-30 03:22 . 2008-07-30 03:22 4137984 c:\windows\Installer\4a4148.msp
+ 2008-07-30 02:18 . 2008-07-30 02:18 3376640 c:\windows\Installer\4a4147.msp
+ 2009-02-02 10:19 . 2009-02-02 10:19 1894400 c:\windows\Installer\4878a4.msi
+ 2004-10-08 04:15 . 2004-10-08 04:15 1451008 c:\windows\Installer\46ef15.msi
+ 2009-12-18 08:31 . 2009-12-18 08:31 1544192 c:\windows\Installer\460a9d.msi
+ 2008-07-30 00:45 . 2008-07-30 00:45 2543616 c:\windows\Installer\426afd.msp
+ 2008-07-30 00:29 . 2008-07-30 00:29 2926080 c:\windows\Installer\426afc.msp
+ 2008-07-30 00:41 . 2008-07-30 00:41 6487040 c:\windows\Installer\426afb.msp
+ 2008-07-30 00:39 . 2008-07-30 00:39 3403264 c:\windows\Installer\426afa.msp
+ 2008-07-30 00:43 . 2008-07-30 00:43 1013248 c:\windows\Installer\426af8.msp
+ 2008-07-30 00:31 . 2008-07-30 00:31 6083072 c:\windows\Installer\426af5.msp
+ 2009-12-20 08:02 . 2009-12-20 08:02 1262080 c:\windows\Installer\32e60d.msi
+ 2007-09-17 13:50 . 2005-09-16 04:45 9926144 c:\windows\Downloaded Installations\{78F4DFCE-1336-4027-BCB2-1A00C24A8653}\iTunes.msi
+ 2009-10-04 15:44 . 2009-10-04 15:44 3311104 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\df20e56b59b1b1a595af305ddc0777ba\WindowsBase.ni.dll
+ 2009-10-04 15:48 . 2009-10-04 15:48 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\8698f073a59ef0db10a3258b1f1deaee\UIAutomationClientsideProviders.ni.dll
+ 2009-10-04 15:43 . 2009-10-04 15:43 7867392 c:\windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
+ 2009-10-04 15:48 . 2009-10-04 15:48 5449728 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
+ 2009-10-04 16:42 . 2009-10-04 16:42 1355264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\43911ac4e29949c57560eee5cb7b76c2\System.WorkflowServices.ni.dll
+ 2009-10-04 16:42 . 2009-10-04 16:42 1904128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6d0966370023925610756f368140b947\System.Workflow.Runtime.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 4510720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9de33f5786cd15e220f47b916c5a15e9\System.Workflow.ComponentModel.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 2989568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d6cc33db5d526553ffbbfd1d372a8493\System.Workflow.Activities.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 1840128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 2400256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6a20b64ad8e2aaa2f40d67ff01fcc708\System.Web.Extensions.ni.dll
+ 2009-10-04 15:47 . 2009-10-04 15:47 1912832 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2e7a6c977ac9f8d46ebe2982697a0c8d\System.Speech.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a3adabee8e63dc76f65710a9c32175fc\System.ServiceModel.Web.ni.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
+ 2009-10-04 15:47 . 2009-10-04 15:47 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\db428f231a2ccaf490ae219efd2edc69\System.Printing.ni.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
+ 2009-10-04 15:47 . 2009-10-04 15:47 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
+ 2009-10-04 15:46 . 2009-10-04 15:46 6614016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 2508800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6f298259c87cc6c7318d931f52f053c5\System.Data.Services.ni.dll
+ 2009-10-04 15:46 . 2009-10-04 15:46 2510848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\fa206c73f39721cd2c55829b9853de44\System.Data.Linq.ni.dll
+ 2009-10-04 16:39 . 2009-10-04 16:39 9903104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\8c050147d7031f912f6ca2b15550173f\System.Data.Entity.ni.dll
+ 2009-10-04 15:46 . 2009-10-04 15:46 2294784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
+ 2009-10-04 15:46 . 2009-10-04 15:46 2125824 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\5c59991df60164cae10fd81b88a8e5b1\ReachFramework.ni.dll
+ 2009-10-04 15:45 . 2009-10-04 15:45 1656832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\87fb973e4ab6a21fd00e45656fa7c115\PresentationUI.ni.dll
+ 2009-10-04 15:43 . 2009-10-04 15:43 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b6bfb51dec7f8cc42c21c5928470c773\PresentationBuildTasks.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 1711104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
+ 2009-10-04 16:37 . 2009-10-04 16:37 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\21bb6244c91b6207fbcb038884a641ef\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-04 16:40 . 2009-10-04 16:40 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7d61e63dea85f4f77ea4c13df7651ec7\Microsoft.JScript.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 1965568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-04 16:38 . 2009-10-04 16:38 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
+ 2009-10-04 16:37 . 2009-10-04 16:37 1886208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-10-04 15:34 . 2009-10-04 15:34 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-04 15:35 . 2009-10-04 15:35 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-10-04 15:41 . 2009-10-04 15:41 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-04 15:40 . 2009-10-04 15:40 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-10-04 15:33 . 2009-10-04 15:33 5238784 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-04 15:35 . 2009-10-04 15:35 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-04 15:38 . 2009-10-04 15:38 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-10-04 15:35 . 2009-10-04 15:35 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-04-30 11:47 . 2002-07-02 04:38 1325568 c:\windows\$NtServicePackUninstall$\webfldrs.msi
+ 2007-09-17 13:43 . 2007-09-17 13:43 35885568 c:\windows\Downloaded Installations\{B9C0ED57-3C59-4B31-9AE9-50E12D0357DD}\iPod for Windows 2005-09-23.msi
+ 2009-10-04 15:47 . 2009-10-04 15:47 12428800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
+ 2009-10-04 16:41 . 2009-10-04 16:41 11791360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
+ 2009-10-04 16:37 . 2009-10-04 16:37 17313792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
+ 2009-10-04 15:47 . 2009-10-04 15:47 10681344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\204db7071fb26343b0fd3f3d140c0bf8\System.Design.ni.dll
+ 2009-10-04 15:45 . 2009-10-04 15:45 14320128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9519494798a88867406b5755e1dbded6\PresentationFramework.ni.dll
+ 2009-10-04 15:44 . 2009-10-04 15:44 12213248 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\12dcb10b76012416357bdbb010fdaa97\PresentationCore.ni.dll
+ 2009-10-04 15:42 . 2009-10-04 15:42 11485184 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Billion\ADSL USB Modem\CnxDslTb.exe Billion\ADSL USB Modem" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-08-02 86016]
"DSLAGENTEXE"="c:\program files\Huawei\MT841\dslagent.exe" [2004-08-25 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-23 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Email Protection"="c:\progra~1\QUICKH~2\QUICKH~1\EMLPROUI.EXE" [2009-12-15 267640]
"Update Scheduler"="c:\progra~1\QUICKH~2\QUICKH~1\UPSCHD.EXE" [2009-12-15 95608]
"On-Line Protection"="c:\progra~1\QUICKH~2\QUICKH~1\cateye.exe" [2009-12-15 206200]
"Startup Scan"="c:\progra~1\QUICKH~2\QUICKH~1\Sensor.EXE" [2009-12-15 144760]
"ResumeQuickupDownload"="c:\progra~1\QUICKH~2\QUICKH~1\acappaa.exe" [2009-12-15 95608]
"Quick Heal Monitor"="c:\progra~1\QUICKH~2\QUICKH~2\op_mon.exe" [2008-07-31 1941504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 149280]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rmiybqql.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^D-Link AirPlus G+ Wireless Adapter Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\D-Link AirPlus G+ Wireless Adapter Utility.lnk
backup=c:\windows\pss\D-Link AirPlus G+ Wireless Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rohit^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\Rohit\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rohit^Start Menu^Programs^Startup^salesdesk.lnk]
path=c:\documents and settings\Rohit\Start Menu\Programs\Startup\salesdesk.lnk
backup=c:\windows\pss\salesdesk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-07 11:25 267064 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 13:20 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rediff Messenger]
2006-04-11 06:56 3041456 ----a-w- c:\program files\Rediff Bol\RediffMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Huawei\\MT841\\dslagent.exe"=
"c:\\Program Files\\Rediff Bol\\RediffMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Rediff Bol\\AppWorkingDir\\Client\\Video\\Talk&See.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wmirpcd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1584:TCP"= 1584:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"1329:TCP"= 1329:TCP:Akamai NetSession Interface
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"2876:TCP"= 2876:TCP:Akamai NetSession Interface
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"1530:TCP"= 1530:TCP:Akamai NetSession Interface
"1933:TCP"= 1933:TCP:Akamai NetSession Interface
"4404:TCP"= 4404:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
"4309:TCP"= 4309:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1299:TCP"= 1299:TCP:Akamai NetSession Interface
"3419:TCP"= 3419:TCP:Akamai NetSession Interface
"3774:TCP"= 3774:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"2157:TCP"= 2157:TCP:Akamai NetSession Interface
"2546:TCP"= 2546:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"2304:TCP"= 2304:TCP:Akamai NetSession Interface
"1236:TCP"= 1236:TCP:Akamai NetSession Interface
"1843:TCP"= 1843:TCP:Akamai NetSession Interface
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"2658:TCP"= 2658:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1463:TCP"= 1463:TCP:Akamai NetSession Interface
"2031:TCP"= 2031:TCP:Akamai NetSession Interface
"1393:TCP"= 1393:TCP:Akamai NetSession Interface
"4592:TCP"= 4592:TCP:Akamai NetSession Interface
"2784:TCP"= 2784:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"2035:TCP"= 2035:TCP:Akamai NetSession Interface
"1338:TCP"= 1338:TCP:Akamai NetSession Interface
"3060:TCP"= 3060:TCP:Akamai NetSession Interface
"3137:TCP"= 3137:TCP:Akamai NetSession Interface
"1172:TCP"= 1172:TCP:Akamai NetSession Interface
"4821:TCP"= 4821:TCP:Akamai NetSession Interface
"4394:TCP"= 4394:TCP:Akamai NetSession Interface
"2354:TCP"= 2354:TCP:Akamai NetSession Interface
"1765:TCP"= 1765:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"1206:TCP"= 1206:TCP:Akamai NetSession Interface
"1296:TCP"= 1296:TCP:Akamai NetSession Interface
"2421:TCP"= 2421:TCP:Akamai NetSession Interface
"2433:TCP"= 2433:TCP:Akamai NetSession Interface
"2736:TCP"= 2736:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"1150:TCP"= 1150:TCP:Akamai NetSession Interface
"1353:TCP"= 1353:TCP:Akamai NetSession Interface
"1401:TCP"= 1401:TCP:Akamai NetSession Interface
"1797:TCP"= 1797:TCP:Akamai NetSession Interface
"1807:TCP"= 1807:TCP:Akamai NetSession Interface
"2480:TCP"= 2480:TCP:Akamai NetSession Interface
"3636:TCP"= 3636:TCP:Akamai NetSession Interface
"3669:TCP"= 3669:TCP:Akamai NetSession Interface
"3796:TCP"= 3796:TCP:Akamai NetSession Interface
"1071:TCP"= 1071:TCP:Akamai NetSession Interface
"1446:TCP"= 1446:TCP:Akamai NetSession Interface
"1622:TCP"= 1622:TCP:Akamai NetSession Interface
"1126:TCP"= 1126:TCP:Akamai NetSession Interface
"3806:TCP"= 3806:TCP:Akamai NetSession Interface
"2066:TCP"= 2066:TCP:Akamai NetSession Interface
"1695:TCP"= 1695:TCP:Akamai NetSession Interface
"3432:TCP"= 3432:TCP:Akamai NetSession Interface
"1920:TCP"= 1920:TCP:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"1263:TCP"= 1263:TCP:Akamai NetSession Interface
"1532:TCP"= 1532:TCP:Akamai NetSession Interface
"3491:TCP"= 3491:TCP:Akamai NetSession Interface
"3504:TCP"= 3504:TCP:Akamai NetSession Interface
"3517:TCP"= 3517:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1114:TCP"= 1114:TCP:Akamai NetSession Interface
"2333:TCP"= 2333:TCP:Akamai NetSession Interface
"2446:TCP"= 2446:TCP:Akamai NetSession Interface
"2459:TCP"= 2459:TCP:Akamai NetSession Interface
"2781:TCP"= 2781:TCP:Akamai NetSession Interface
"3202:TCP"= 3202:TCP:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"2114:TCP"= 2114:TCP:Akamai NetSession Interface
"4294:TCP"= 4294:TCP:Akamai NetSession Interface
"4305:TCP"= 4305:TCP:Akamai NetSession Interface
"4336:TCP"= 4336:TCP:Akamai NetSession Interface
"4367:TCP"= 4367:TCP:Akamai NetSession Interface
"4403:TCP"= 4403:TCP:Akamai NetSession Interface
"1345:TCP"= 1345:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"1286:TCP"= 1286:TCP:Akamai NetSession Interface
"1141:TCP"= 1141:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1323:TCP"= 1323:TCP:Akamai NetSession Interface
"1339:TCP"= 1339:TCP:Akamai NetSession Interface
"2046:TCP"= 2046:TCP:Akamai NetSession Interface
"2061:TCP"= 2061:TCP:Akamai NetSession Interface
"2618:TCP"= 2618:TCP:Akamai NetSession Interface
"2773:TCP"= 2773:TCP:Akamai NetSession Interface
"3351:TCP"= 3351:TCP:Akamai NetSession Interface
"3027:TCP"= 3027:TCP:Akamai NetSession Interface
"3189:TCP"= 3189:TCP:Akamai NetSession Interface
"3204:TCP"= 3204:TCP:Akamai NetSession Interface
"3225:TCP"= 3225:TCP:Akamai NetSession Interface
"1416:TCP"= 1416:TCP:Akamai NetSession Interface
"1427:TCP"= 1427:TCP:Akamai NetSession Interface
"1989:TCP"= 1989:TCP:Akamai NetSession Interface
"4729:TCP"= 4729:TCP:Akamai NetSession Interface
"1365:TCP"= 1365:TCP:Akamai NetSession Interface
"1697:TCP"= 1697:TCP:Akamai NetSession Interface
"1711:TCP"= 1711:TCP:Akamai NetSession Interface
"1727:TCP"= 1727:TCP:Akamai NetSession Interface
"2041:TCP"= 2041:TCP:Akamai NetSession Interface
"2053:TCP"= 2053:TCP:Akamai NetSession Interface
"2064:TCP"= 2064:TCP:Akamai NetSession Interface
"2077:TCP"= 2077:TCP:Akamai NetSession Interface
"2088:TCP"= 2088:TCP:Akamai NetSession Interface
"2098:TCP"= 2098:TCP:Akamai NetSession Interface
"2123:TCP"= 2123:TCP:Akamai NetSession Interface
"2133:TCP"= 2133:TCP:Akamai NetSession Interface
"2143:TCP"= 2143:TCP:Akamai NetSession Interface
"2167:TCP"= 2167:TCP:Akamai NetSession Interface
"2184:TCP"= 2184:TCP:Akamai NetSession Interface
"2195:TCP"= 2195:TCP:Akamai NetSession Interface
"2212:TCP"= 2212:TCP:Akamai NetSession Interface
"2222:TCP"= 2222:TCP:Akamai NetSession Interface
"2245:TCP"= 2245:TCP:Akamai NetSession Interface
"2318:TCP"= 2318:TCP:Akamai NetSession Interface
"2329:TCP"= 2329:TCP:Akamai NetSession Interface
"2342:TCP"= 2342:TCP:Akamai NetSession Interface
"2355:TCP"= 2355:TCP:Akamai NetSession Interface
"2366:TCP"= 2366:TCP:Akamai NetSession Interface
"2377:TCP"= 2377:TCP:Akamai NetSession Interface
"1817:TCP"= 1817:TCP:Akamai NetSession Interface
"1827:TCP"= 1827:TCP:Akamai NetSession Interface
"1845:TCP"= 1845:TCP:Akamai NetSession Interface
"1856:TCP"= 1856:TCP:Akamai NetSession Interface
"1866:TCP"= 1866:TCP:Akamai NetSession Interface
"1878:TCP"= 1878:TCP:Akamai NetSession Interface
"1431:TCP"= 1431:TCP:Akamai NetSession Interface
"1636:TCP"= 1636:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"2835:TCP"= 2835:TCP:Akamai NetSession Interface
"2890:TCP"= 2890:TCP:Akamai NetSession Interface
"2838:TCP"= 2838:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1501:TCP"= 1501:TCP:Akamai NetSession Interface
"1607:TCP"= 1607:TCP:Akamai NetSession Interface
"1647:TCP"= 1647:TCP:Akamai NetSession Interface
"1214:TCP"= 1214:TCP:Akamai NetSession Interface
"3472:TCP"= 3472:TCP:Akamai NetSession Interface
"3535:TCP"= 3535:TCP:Akamai NetSession Interface
"3576:TCP"= 3576:TCP:Akamai NetSession Interface
"3671:TCP"= 3671:TCP:Akamai NetSession Interface
"3741:TCP"= 3741:TCP:Akamai NetSession Interface
"3801:TCP"= 3801:TCP:Akamai NetSession Interface
"3953:TCP"= 3953:TCP:Akamai NetSession Interface
"4466:TCP"= 4466:TCP:Akamai NetSession Interface
"2043:TCP"= 2043:TCP:Akamai NetSession Interface
"2102:TCP"= 2102:TCP:Akamai NetSession Interface
"2623:TCP"= 2623:TCP:Akamai NetSession Interface
"3012:TCP"= 3012:TCP:Akamai NetSession Interface
"2923:TCP"= 2923:TCP:Akamai NetSession Interface
"3111:TCP"= 3111:TCP:Akamai NetSession Interface
"1678:TCP"= 1678:TCP:Akamai NetSession Interface
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"3547:TCP"= 3547:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"2023:TCP"= 2023:TCP:Akamai NetSession Interface
"1360:TCP"= 1360:TCP:Akamai NetSession Interface
"3864:TCP"= 3864:TCP:Akamai NetSession Interface
"1461:TCP"= 1461:TCP:Akamai NetSession Interface
"4599:TCP"= 4599:TCP:Akamai NetSession Interface
"2052:TCP"= 2052:TCP:Akamai NetSession Interface
"1083:TCP"= 1083:TCP:Akamai NetSession Interface
"1096:TCP"= 1096:TCP:Akamai NetSession Interface
"2038:TCP"= 2038:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"1383:TCP"= 1383:TCP:Akamai NetSession Interface
"3464:TCP"= 3464:TCP:Akamai NetSession Interface
"1747:TCP"= 1747:TCP:Akamai NetSession Interface
"2586:TCP"= 2586:TCP:Akamai NetSession Interface
"4422:TCP"= 4422:TCP:Akamai NetSession Interface
"3829:TCP"= 3829:TCP:Akamai NetSession Interface
"4624:TCP"= 4624:TCP:Akamai NetSession Interface
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"1316:TCP"= 1316:TCP:Akamai NetSession Interface
"1757:TCP"= 1757:TCP:Akamai NetSession Interface
"2409:TCP"= 2409:TCP:Akamai NetSession Interface
"2588:TCP"= 2588:TCP:Akamai NetSession Interface
"2649:TCP"= 2649:TCP:Akamai NetSession Interface
"1503:TCP"= 1503:TCP:Akamai NetSession Interface
"2107:TCP"= 2107:TCP:Akamai NetSession Interface
"2953:TCP"= 2953:TCP:Akamai NetSession Interface
"1613:TCP"= 1613:TCP:Akamai NetSession Interface
"1905:TCP"= 1905:TCP:Akamai NetSession Interface
"2385:TCP"= 2385:TCP:Akamai NetSession Interface
"3287:TCP"= 3287:TCP:Akamai NetSession Interface
"3820:TCP"= 3820:TCP:Akamai NetSession Interface
"2656:TCP"= 2656:TCP:Akamai NetSession Interface
"1445:TCP"= 1445:TCP:Akamai NetSession Interface
"3320:TCP"= 3320:TCP:Akamai NetSession Interface
"4269:TCP"= 4269:TCP:Akamai NetSession Interface
"1382:TCP"= 1382:TCP:Akamai NetSession Interface
"2475:TCP"= 2475:TCP:Akamai NetSession Interface
"1522:TCP"= 1522:TCP:Akamai NetSession Interface
"2138:TCP"= 2138:TCP:Akamai NetSession Interface
"2858:TCP"= 2858:TCP:Akamai NetSession Interface
"1689:TCP"= 1689:TCP:Akamai NetSession Interface
"2435:TCP"= 2435:TCP:Akamai NetSession Interface
"2639:TCP"= 2639:TCP:Akamai NetSession Interface
"3505:TCP"= 3505:TCP:Akamai NetSession Interface
"1402:TCP"= 1402:TCP:Akamai NetSession Interface
"1424:TCP"= 1424:TCP:Akamai NetSession Interface
"2134:TCP"= 2134:TCP:Akamai NetSession Interface
"2442:TCP"= 2442:TCP:Akamai NetSession Interface
"1108:TCP"= 1108:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1220:TCP"= 1220:TCP:Akamai NetSession Interface
"1682:TCP"= 1682:TCP:Akamai NetSession Interface
"1534:TCP"= 1534:TCP:Akamai NetSession Interface
"1568:TCP"= 1568:TCP:Akamai NetSession Interface
"1459:TCP"= 1459:TCP:Akamai NetSession Interface
"1582:TCP"= 1582:TCP:Akamai NetSession Interface
"1884:TCP"= 1884:TCP:Akamai NetSession Interface
"3158:TCP"= 3158:TCP:Akamai NetSession Interface
"3285:TCP"= 3285:TCP:Akamai NetSession Interface
"3549:TCP"= 3549:TCP:Akamai NetSession Interface
"1326:TCP"= 1326:TCP:Akamai NetSession Interface
"1231:TCP"= 1231:TCP:Akamai NetSession Interface
"1614:TCP"= 1614:TCP:Akamai NetSession Interface
"1073:TCP"= 1073:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1617:TCP"= 1617:TCP:Akamai NetSession Interface
"2650:TCP"= 2650:TCP:Akamai NetSession Interface
"2776:TCP"= 2776:TCP:Akamai NetSession Interface
"2895:TCP"= 2895:TCP:Akamai NetSession Interface
"3019:TCP"= 3019:TCP:Akamai NetSession Interface
"3293:TCP"= 3293:TCP:Akamai NetSession Interface
"3334:TCP"= 3334:TCP:Akamai NetSession Interface
"3377:TCP"= 3377:TCP:Akamai NetSession Interface
"3595:TCP"= 3595:TCP:Akamai NetSession Interface
"1066:TCP"= 1066:TCP:Akamai NetSession Interface
"1702:TCP"= 1702:TCP:Akamai NetSession Interface
"1805:TCP"= 1805:TCP:Akamai NetSession Interface
"1957:TCP"= 1957:TCP:Akamai NetSession Interface
"2282:TCP"= 2282:TCP:Akamai NetSession Interface
"2525:TCP"= 2525:TCP:Akamai NetSession Interface
"1243:TCP"= 1243:TCP:Akamai NetSession Interface
"1318:TCP"= 1318:TCP:Akamai NetSession Interface
"1347:TCP"= 1347:TCP:Akamai NetSession Interface
"1368:TCP"= 1368:TCP:Akamai NetSession Interface
"1395:TCP"= 1395:TCP:Akamai NetSession Interface
"1407:TCP"= 1407:TCP:Akamai NetSession Interface
"1468:TCP"= 1468:TCP:Akamai NetSession Interface
"1551:TCP"= 1551:TCP:Akamai NetSession Interface
"1737:TCP"= 1737:TCP:Akamai NetSession Interface
"1836:TCP"= 1836:TCP:Akamai NetSession Interface
"1899:TCP"= 1899:TCP:Akamai NetSession Interface
"1521:TCP"= 1521:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1366:TCP"= 1366:TCP:Akamai NetSession Interface
"1396:TCP"= 1396:TCP:Akamai NetSession Interface
"1772:TCP"= 1772:TCP:Akamai NetSession Interface
"1305:TCP"= 1305:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"2735:TCP"= 2735:TCP:Akamai NetSession Interface
"2324:TCP"= 2324:TCP:Akamai NetSession Interface
"1408:TCP"= 1408:TCP:Akamai NetSession Interface
"1751:TCP"= 1751:TCP:Akamai NetSession Interface
"2137:TCP"= 2137:TCP:Akamai NetSession Interface
"3885:TCP"= 3885:TCP:Akamai NetSession Interface
"2724:TCP"= 2724:TCP:Akamai NetSession Interface
"3180:TCP"= 3180:TCP:Akamai NetSession Interface
"4952:TCP"= 4952:TCP:Akamai NetSession Interface
"1106:TCP"= 1106:TCP:Akamai NetSession Interface
"3966:TCP"= 3966:TCP:Akamai NetSession Interface
"7025:TCP"= 7025:TCP:oeidwz

R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [1/13/2005 8:44 AM 20480]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/16/2009 12:56 AM 673920]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [12/16/2009 12:53 AM 65016]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [12/16/2009 12:53 AM 28656]
R2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~2\QUICKH~1\opssvc.exe [12/16/2009 12:53 AM 17272]
R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;c:\progra~1\QUICKH~2\QUICKH~1\EMLPROXY.EXE [12/16/2009 12:53 AM 50552]
R2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~2\QUICKH~1\quhlpsvc.exe [12/16/2009 12:53 AM 58744]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/16/2009 12:56 AM 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/16/2009 12:57 AM 234640]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [10/21/2008 2:30 PM 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [10/21/2008 2:30 PM 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [10/21/2008 2:30 PM 60416]
S0 rmiybqql;rmiybqql;c:\windows\system32\Drivers\rmiybqql.sys --> c:\windows\system32\Drivers\rmiybqql.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Rohit\Desktop\virus protection\super antispyware\SASDIFSV.SYS --> c:\documents and settings\Rohit\Desktop\virus protection\super antispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\All Users.WINDOWS\Desktop\SASKUTIL.sys --> c:\documents and settings\All Users.WINDOWS\Desktop\SASKUTIL.sys [?]
S2 acssrv;Quick Heal Client Security Service;c:\progra~1\QUICKH~2\QUICKH~2\acs.exe [12/16/2009 12:55 AM 1224704]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/12/2005 4:56 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 4:08 PM 133104]
S2 gwgtie;Boot System;c:\windows\system32\svchost.exe -k netsvcs [1/12/2005 4:56 AM 14336]
S3 26300;26300;\??\c:\docume~1\Rohit\LOCALS~1\Temp\10463463\26300.sys --> c:\docume~1\Rohit\LOCALS~1\Temp\10463463\26300.sys [?]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\System32\drivers\ASUSHWIO.sys --> c:\windows\System32\drivers\ASUSHWIO.sys [?]
S3 kernelx86;Kernel Debug Service;\??\c:\windows\system32\drivers\kernelx86.sys --> c:\windows\system32\drivers\kernelx86.sys [?]
S3 musbehco;musbehco;\??\c:\docume~1\Rohit\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\Rohit\LOCALS~1\Temp\musbehco.sys [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\All Users.WINDOWS\Desktop\SASENUM.SYS --> c:\documents and settings\All Users.WINDOWS\Desktop\SASENUM.SYS [?]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\drivers\GPLUS.sys [9/25/2005 3:49 PM 283392]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD
*Deregistered* - KLMD

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gwgtie
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {BC932995-54C4-47DE-A831-A190379746C1} = 202.54.10.9 202.54.29.5
TCP: {D906B516-D0B7-4A00-82E9-F82E69A966B2} = 202.54.10.2,203.197.12.42
FF - ProfilePath - c:\documents and settings\Rohit\Application Data\Mozilla\Firefox\Profiles\ctie2vkh.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 20:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gwgtie]
"ServiceDll"="c:\windows\system32\kxbvcgv.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3509A1A3-B52A-B6F6-4F2F-526700056BCB}]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
@="Class"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3509A1A3-B52A-B6F6-4F2F-526700056BCB}\Data\MD]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"Data04"=dword:00003482
"Data05"=dword:00000000
"Data0C"=dword:00000708
"Data0E"=dword:00000258
"Data0F"=dword:00000384
"Data10"=dword:00000000
"Data11"=dword:00000000
"Data12"=dword:00000000
"Data13"=dword:00000014
"Data14"=dword:00000258
"Data15"=dword:00002a30
"Data16"=dword:00000258
"Data0D"=dword:00000708
"Data17"=dword:00000000
"Data18"=dword:00000000
"Data19"=dword:00000000
"Data1A"=dword:00000000
"Data21"=dword:00000000
"Data22"=dword:00000001
"Data23"=dword:00000005
"Data24"=dword:00000000
"Data27"=dword:00000004
"Data28"=dword:00000004
"Data29"=dword:00000004
"Data2A"=dword:00000004
"Data00"=dword:00000000
"Data01"=dword:00000000
"Data02"=dword:00003482
"Data09"=dword:00000000
"Data80"="($\14ÿ˜\1f\0fG ¢‡tñÝÄÁì\12\0eû."
"Data85"="XTD¯iN>åÞÆ²4Ü\02ýl\1e"
"Data86"="HD³ŸY>®ÛÈÅ(\1d\06ñdaSü¡‹="
"Data87"="8³£I®žÂ·.\1d\06ñgd@ü¡‹="
"Data82"="\08\04Ò`\1aþn–‚{îãÇ}\"\1e\0c½fR\0d?¦ž"
"Data83"="÷ÒdP\0an^–†öÅ» \"\07ùh]\0d=£¢MuáœÎ¶."
"Data84"="ÆdT@y^N†òÒÑ´6Ü\02ýl\1eVBlž†~"
"Data88"="§£“¹žŽÂ+\1e\16ú-RN<m¥ŠwìÙŒ¾&\1e"
"Data89"="—“ƒï©Ž~2\1b\0e\06k\1dB>«]•zçÜÉ|.\16\0e"
"Data8A"="‡ƒóß™~í&\0býv\1dM4²]•z°œÎ¶."
"Data8B"="wóãÏ‰íÝ\01\02sdB:lœƒ‚ÐÑ|.\16\0e"
"Data8C"="çãÓ¿øÝÍ\06rRQ4µ\\}ëÁ½+\1b\0dû-bC;™~â›Íµ-"
"Data8D"="×ÓÃ/èÍ½rW@1§¢L|ãâÁ&Û\0eõn"
"Data8E"="´\0aüíåM"
"Data8F"="·3#\0fÈ.\1eAB²£y¬ÜÃÂì!\0a»nVN"
"Data91"="\17\13\03o)\0eý¥‘Š}òÖŒ±-\1bÌóe\1cN6"
"Data92"="\07\03s_\19ým¥Š}õœÌ³2Ü\01ük[M<l•†{ñÌÇÀê\1d\05ü"
"Data1B"=dword:00000000
"Data1D"=dword:00000000
"Data25"=dword:00000000
"Data1C"=dword:00000000
"Data1E"=dword:00000000
"Data26"=dword:00000001
"Data2B"=dword:00000000
"Data2C"=dword:00000000
"Data2D"=dword:00000000
"Data2E"=dword:00000000
"Data20"=dword:000618fc
"Data0A"=dword:00003482
"Data0B"=dword:00000000
"Data90"="8\10\07ýn\10\0b:¦ˆ:â×Ñ±3!\11¹qSVGi”‰|ßÎÉ¶7\0e\11õl[\09"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\oyopu.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Microsoft\jfkrs]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"{3509A1A3-B52A-B6F6-4F2F-526700056BCB}"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\pjaou]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
.
Completion time: 2009-12-20 20:07:38
ComboFix-quarantined-files.txt 2009-12-20 14:37
ComboFix2.txt 2009-12-18 07:22
ComboFix3.txt 2009-05-01 10:29

Pre-Run: 50,848,009,728 bytes free
Post-Run: 50,858,498,560 bytes free

- - End Of File - - DC38E3D4B8668FED0A6898C19AF10272
------------------------------------------------------------------------------------

Host Name: NITINHOME
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Uniprocessor Free
Registered Owner: Nitin
Registered Organization: ITM
Product ID: 55274-640-3583565-23120
Original Install Date: 1/11/2005, 11:50:43 PM
System Up Time: 0 Days, 0 Hours, 45 Minutes, 29 Seconds
System Manufacturer: System Manufacturer
System Model: System Name
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 6 Model 8 Stepping 1 AuthenticAMD ~1250 Mhz
BIOS Version: ASUS - 42302e31
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT+05:30) Chennai, Kolkata, Mumbai, New Delhi
Total Physical Memory: 512 MB
Available Physical Memory: 207 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 2,006 MB
Virtual Memory: In Use: 42 MB
Page File Location(s): C:\pagefile.sys
Domain: HOME
Logon Server: \\NITINHOME
Hotfix(s): 165 Hotfix(s) Installed.
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: File 1
[64]: File 1
[65]: File 1
[66]: File 1
[67]: File 1
[68]: File 1
[69]: File 1
[70]: File 1
[71]: File 1
[72]: File 1
[73]: File 1
[74]: File 1
[75]: File 1
[76]: File 1
[77]: File 1
[78]: Q147222
[79]: KB834707-IE6-20040929.115007 - Update
[80]: KB889293-IE6SP1-20041111.235619 - Update
[81]: KB896727-IE6SP1-20050719.165959 - Update
[82]: KB905915-IE6SP1-20051122.175908 - Update
[83]: KB912812-IE6SP1-20060322.182418 - Update
[84]: KB911567-OE6SP1-20060316.165634 - Update
[85]: KB911565
[86]: KB917734_WMP10
[87]: MSCompPackV1 - Update
[88]: KB811113 - Service Pack
[89]: KB873333 - Update
[90]: KB873339 - Update
[91]: KB885250 - Update
[92]: KB885835 - Update
[93]: KB885836 - Update
[94]: KB885884 - Update
[95]: KB886185 - Update
[96]: KB887472 - Update
[97]: KB887742 - Update
[98]: KB888113 - Update
[99]: KB888302 - Update
[100]: KB890046 - Update
[101]: KB890175 - Update
[102]: KB890859 - Update
[103]: KB891781 - Update
[104]: KB893066 - Update
[105]: KB893086 - Update
[106]: KB893756 - Update
[107]: KB893803v2 - Update
[108]: KB894391 - Update
[109]: KB896358 - Update
[110]: KB896422 - Update
[111]: KB896423 - Update
[112]: KB896424 - Update
[113]: KB896428 - Update
[114]: KB898461 - Update
[115]: KB899587 - Update
[116]: KB899588 - Update
[117]: KB899589 - Update
[118]: KB899591 - Update
[119]: KB900485 - Update
[120]: KB900725 - Update
[121]: KB901017 - Update
[122]: KB901214 - Update
[123]: KB902400 - Update
[124]: KB904706 - Update
[125]: KB905414 - Update
[126]: KB905749 - Update
[127]: KB908519 - Update
[128]: KB908531 - Update
[129]: KB910437 - Update
[130]: KB911280 - Update
[131]: KB911562 - Update
[132]: KB911567 - Update
[133]: KB911927 - Update
[134]: KB912812 - Update
[135]: KB912919 - Update
[136]: KB913446 - Update
[137]: KB913580 - Update
[138]: KB914388 - Update
[139]: KB914389 - Update
[140]: KB916281 - Update
[141]: KB916595 - Update
[142]: KB917159 - Update
[143]: KB917344 - Update
[144]: KB917422 - Update
[145]: KB917953 - Update
[146]: KB918439 - Update
[147]: KB918899 - Update
[148]: KB919007 - Update
[149]: KB920214 - Update
[150]: KB920670 - Update
[151]: KB920683 - Update
[152]: KB920685 - Update
[153]: KB920872 - Update
[154]: KB921398 - Update
[155]: KB921883 - Update
[156]: KB922582 - Update
[157]: KB922616 - Update
[158]: KB922819 - Update
[159]: KB923191 - Update
[160]: KB923414 - Update
[161]: KB924191 - Update
[162]: KB924496 - Update
[163]: KB925486 - Update
[164]: KB926239 - Update
[165]: KB954550-v5 - Update
NetWork Card(s): 1 NIC(s) Installed.
[01]: VIA Rhine II Fast Ethernet Adapter
Connection Name: Local Area Connection
DHCP Enabled: No
IP address(es)
[01]: 192.168.1.2
19:39:3:281 1628 ForceUnloadDriver: NtUnloadDriver error 2
19:39:3:343 1628 ForceUnloadDriver: NtUnloadDriver error 2
19:39:3:406 1628 ForceUnloadDriver: NtUnloadDriver error 2
19:39:3:421 1628 main: Driver KLMD successfully dropped
19:39:3:562 1628 main: Driver KLMD successfully loaded
19:39:3:562 1628
Scanning Registry ...
19:39:3:593 1628 ScanServices: Searching service UACd.sys
19:39:3:593 1628 ScanServices: Open/Create key error 2
19:39:3:593 1628 ScanServices: Searching service TDSSserv.sys
19:39:3:593 1628 ScanServices: Open/Create key error 2
19:39:3:593 1628 ScanServices: Searching service gaopdxserv.sys
19:39:3:593 1628 ScanServices: Open/Create key error 2
19:39:3:593 1628 ScanServices: Searching service gxvxcserv.sys
19:39:3:593 1628 ScanServices: Open/Create key error 2
19:39:3:593 1628 ScanServices: Searching service MSIVXserv.sys
19:39:3:593 1628 ScanServices: Open/Create key error 2
19:39:3:593 1628 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
19:39:3:625 1628 UnhookRegistry: Kernel local addr: 9D0000
19:39:3:625 1628 UnhookRegistry: KeServiceDescriptorTable addr: A52480
19:39:3:765 1628 UnhookRegistry: KiServiceTable addr: 9DB6A8
19:39:3:765 1628 UnhookRegistry: NtEnumerateKey service number (local): 47
19:39:3:765 1628 UnhookRegistry: NtEnumerateKey local addr: A67E68
19:39:3:781 1628 KLMD_OpenDevice: Trying to open KLMD device
19:39:3:781 1628 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
19:39:3:781 1628 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
19:39:3:781 1628 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4]
19:39:3:781 1628 UnhookRegistry: NtEnumerateKey service number (kernel): 47
19:39:3:781 1628 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4]
19:39:3:781 1628 UnhookRegistry: NtEnumerateKey real addr: 8056EE68
19:39:3:781 1628 UnhookRegistry: NtEnumerateKey calc addr: 8056EE68
19:39:3:781 1628 UnhookRegistry: No SDT hooks found on NtEnumerateKey
19:39:3:781 1628 KLMD_ReadMem: Trying to ReadMemory 0x8056EE68[0xA]
19:39:3:781 1628 UnhookRegistry: No splicing found on NtEnumerateKey
19:39:3:781 1628
Scanning Kernel memory ...
19:39:3:781 1628 KLMD_OpenDevice: Trying to open KLMD device
19:39:3:781 1628 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
19:39:3:781 1628 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
19:39:3:781 1628 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8238CA08
19:39:3:781 1628 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
19:39:3:781 1628 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 823969F0
19:39:3:781 1628 KLMD_GetLowerDeviceObject: Trying to get lower device object for 823969F0
19:39:3:781 1628 KLMD_ReadMem: Trying to ReadMemory 0x823969F0[0x38]
19:39:3:781 1628 DetectCureTDL3: DRIVER_OBJECT addr: 8238CA08
19:39:3:781 1628 KLMD_ReadMem: Trying to ReadMemory 0x8238CA08[0xA8]
19:39:3:796 1628 KLMD_ReadMem: Trying to ReadMemory 0xE10051E8[0x208]
19:39:3:796 1628 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:39:3:796 1628 DetectCureTDL3: IrpHandler (0) addr: F857BC30
19:39:3:796 1628 DetectCureTDL3: IrpHandler (1) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (2) addr: F857BC30
19:39:3:796 1628 DetectCureTDL3: IrpHandler (3) addr: F8575D9B
19:39:3:796 1628 DetectCureTDL3: IrpHandler (4) addr: F8575D9B
19:39:3:796 1628 DetectCureTDL3: IrpHandler (5) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (6) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (7) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (8) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (9) addr: F8576366
19:39:3:796 1628 DetectCureTDL3: IrpHandler (10) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (11) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (12) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (13) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (14) addr: F857644D
19:39:3:796 1628 DetectCureTDL3: IrpHandler (15) addr: F8579FC3
19:39:3:796 1628 DetectCureTDL3: IrpHandler (16) addr: F8576366
19:39:3:796 1628 DetectCureTDL3: IrpHandler (17) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (18) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (19) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (20) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (21) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (22) addr: F8577EF3
19:39:3:796 1628 DetectCureTDL3: IrpHandler (23) addr: F857CA24
19:39:3:796 1628 DetectCureTDL3: IrpHandler (24) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (25) addr: 805031BE
19:39:3:796 1628 DetectCureTDL3: IrpHandler (26) addr: 805031BE
19:39:3:796 1628 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
19:39:3:796 1628 KLMD_ReadMem: DeviceIoControl error 1
19:39:3:796 1628 TDL3_StartIoHookDetect: Unable to get StartIo handler code
19:39:3:796 1628 TDL3_FileDetect: Processing driver: Disk
19:39:3:796 1628 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
19:39:3:796 1628 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
19:39:3:796 1628 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
19:39:3:843 1628 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82367AB8
19:39:3:843 1628 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82367AB8
19:39:3:843 1628 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 823CCF18
19:39:3:843 1628 KLMD_GetLowerDeviceObject: Trying to get lower device object for 823CCF18
19:39:3:843 1628 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8238FD98
19:39:3:843 1628 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8238FD98
19:39:3:843 1628 KLMD_ReadMem: Trying to ReadMemory 0x8238FD98[0x38]
19:39:3:843 1628 DetectCureTDL3: DRIVER_OBJECT addr: 823CEB60
19:39:3:843 1628 KLMD_ReadMem: Trying to ReadMemory 0x823CEB60[0xA8]
19:39:3:843 1628 KLMD_ReadMem: Trying to ReadMemory 0xE1005A98[0x208]
19:39:3:843 1628 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
19:39:3:843 1628 DetectCureTDL3: IrpHandler (0) addr: F8482572
19:39:3:843 1628 DetectCureTDL3: IrpHandler (1) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (2) addr: F8482572
19:39:3:843 1628 DetectCureTDL3: IrpHandler (3) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (4) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (5) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (6) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (7) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (8) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (9) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (10) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (11) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (12) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (13) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (14) addr: F8482592
19:39:3:843 1628 DetectCureTDL3: IrpHandler (15) addr: F847E7B4
19:39:3:843 1628 DetectCureTDL3: IrpHandler (16) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (17) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (18) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (19) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (20) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (21) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (22) addr: F84825BC
19:39:3:843 1628 DetectCureTDL3: IrpHandler (23) addr: F8489164
19:39:3:843 1628 DetectCureTDL3: IrpHandler (24) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (25) addr: 805031BE
19:39:3:843 1628 DetectCureTDL3: IrpHandler (26) addr: 805031BE
19:39:3:843 1628 KLMD_ReadMem: Trying to ReadMemory 0xF847F7C6[0x400]
19:39:3:843 1628 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 229, 0
19:39:3:843 1628 TDL3_FileDetect: Processing driver: atapi
19:39:3:843 1628 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
19:39:3:843 1628 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
19:39:3:843 1628 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
19:39:3:906 1628
Completed

Results:
19:39:3:906 1628 Infected objects in memory: 0
19:39:3:906 1628 Cured objects in memory: 0
19:39:3:906 1628 Infected objects on disk: 0
19:39:3:906 1628 Objects on disk cured on reboot: 0
19:39:3:906 1628 Objects on disk deleted on reboot: 0
19:39:3:906 1628 Registry nodes deleted on reboot: 0
19:39:3:906 1628

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 12/21/2009 10:07 AM (GMT +3)

Open notepad and copy/paste the bold text in the codebox below into it:

Name the file as CFScript
and Save it on the desktop

Code:

Killall::

Snapshot::

File::
c:\windows\system32\Drivers\rmiybqql.sys

c:\docume~1\Rohit\LOCALS~1\Temp\10463463\26300.sys

c:\docume~1\Rohit\LOCALS~1\Temp\musbehco.sys

c:\windows\system32\kxbvcgv.dll

Filelook::

c:\windows\system32\drivers\kernelx86.sys

Dirlook::

c:\docume~1\Rohit\LOCALS~1\Temp\10463463

Driver::

Rmiybqql

26300

musbehco

Registry::

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gwgtie]
"ServiceDll"=-

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gwgtie]

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.

Please read: Forum Rules

Click: Before-posting-a-log

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/21/2009 7:53 PM (GMT +3)

Ok. I have done that. The following is the new combofix log.

ComboFix 09-12-20.08 - Rohit 12/21/2009 22:00:26.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.238 [GMT 5.5:30]
Running from: c:\documents and settings\Rohit\Desktop\KittyFix.exe
Command switches used :: c:\documents and settings\Rohit\Desktop\CFScript.txt
AV: Quick Heal 10.00 *On-access scanning disabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
FW: Quick Heal Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

FILE ::
"c:\docume~1\Rohit\LOCALS~1\Temp\10463463\26300.sys"
"c:\docume~1\Rohit\LOCALS~1\Temp\musbehco.sys"
"c:\windows\system32\Drivers\rmiybqql.sys"
"c:\windows\system32\kxbvcgv.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_26300
-------\Legacy_MUSBEHCO
-------\Legacy_RMIYBQQL
-------\Service_26300
-------\Service_musbehco
-------\Service_rmiybqql

((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-20 14:51 . 2009-12-20 14:51 18864 ----a-w- c:\documents and settings\Rohit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-20 14:47 . 2009-12-20 14:47 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Identities
2009-12-20 14:06 . 2009-12-20 14:06 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\WinZip
2009-12-20 07:50 . 2009-12-20 07:57 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Temp
2009-12-18 18:08 . 2009-12-18 18:08 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Yahoo
2009-12-18 10:26 . 2009-12-18 17:53 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Google
2009-12-18 10:07 . 2009-12-18 10:07 -------- d-----w- c:\documents and settings\Rohit\Application Data\PC Suite
2009-12-18 10:00 . 2009-12-18 10:00 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Mozilla
2009-12-18 09:48 . 2009-12-18 09:48 574 ----a-w- C:\cleanup.bat
2009-12-18 09:48 . 2009-12-18 09:48 135168 ----a-w- C:\zip.exe
2009-12-18 08:27 . 2009-12-18 08:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-12-17 17:21 . 2009-12-03 10:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 17:21 . 2009-12-03 10:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 17:21 . 2009-12-17 17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 19:27 . 2008-06-30 11:46 234640 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-12-15 19:26 . 2008-07-11 10:11 673920 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-12-15 19:26 . 2008-06-30 11:46 30864 ----a-w- c:\windows\system32\drivers\afw.sys
2009-12-15 19:25 . 2009-12-15 19:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Quick Heal
2009-12-15 19:23 . 2009-12-15 19:23 28656 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2009-12-15 19:23 . 2009-12-15 19:23 65016 ----a-w- c:\windows\system32\drivers\catflt.sys
2009-12-15 19:23 . 2009-12-15 19:25 -------- d-----w- c:\program files\Quick Heal
2009-12-11 17:45 . 2009-12-11 17:46 -------- d-----w- c:\program files\Quick Heal PCTuner
2009-12-05 21:47 . 2009-12-05 21:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-12-03 06:48 . 2009-12-03 06:48 6144 ---ha-w- c:\documents and settings\NetworkService\tjvquhv.exe
2009-12-03 06:48 . 2009-12-03 06:48 212994 --sh--r- c:\windows\system32\wmirpcd.exe
2009-12-02 11:18 . 2009-12-17 23:10 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 08:01 . 2006-02-01 15:41 -------- d-----w- c:\program files\Google
2009-12-17 23:10 . 2006-07-28 17:57 -------- d-----w- c:\program files\Java
2009-12-17 22:38 . 2009-07-15 07:46 -------- d-----w- c:\program files\Fake Webcam
2009-12-02 09:04 . 2007-01-11 17:49 -------- d-----w- c:\program files\FlashGet
2009-11-02 23:25 . 2006-11-01 14:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Metacafe
2009-10-04 14:09 . 2009-10-04 14:09 95232 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-04 14:09 . 2009-10-04 14:09 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-04 14:09 . 2009-10-04 14:09 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-04 14:09 . 2009-10-04 14:09 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-04 14:08 . 2009-10-04 14:10 33773208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
2009-10-04 13:16 . 2009-07-26 14:53 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-04 13:16 . 2009-07-26 14:53 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-04 13:16 . 2009-07-26 14:53 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2005-01-11 23:16 . 2002-01-01 02:40 21952 -c-ha-w- c:\program files\folder.htt
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\Rohit\LOCALS~1\Temp\10463463 ----

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2005-05-25 . 228B0385BBFCA24332FA22DB45A8B684 . 339968 . . [5.1.2600.1693] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tcpip.sys
[7] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893066_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Billion\ADSL USB Modem\CnxDslTb.exe Billion\ADSL USB Modem" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-08-02 86016]
"DSLAGENTEXE"="c:\program files\Huawei\MT841\dslagent.exe" [2004-08-25 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-23 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Email Protection"="c:\progra~1\QUICKH~2\QUICKH~1\EMLPROUI.EXE" [2009-12-15 267640]
"Update Scheduler"="c:\progra~1\QUICKH~2\QUICKH~1\UPSCHD.EXE" [2009-12-15 95608]
"On-Line Protection"="c:\progra~1\QUICKH~2\QUICKH~1\cateye.exe" [2009-12-15 206200]
"Startup Scan"="c:\progra~1\QUICKH~2\QUICKH~1\Sensor.EXE" [2009-12-15 144760]
"ResumeQuickupDownload"="c:\progra~1\QUICKH~2\QUICKH~1\acappaa.exe" [2009-12-15 95608]
"Quick Heal Monitor"="c:\progra~1\QUICKH~2\QUICKH~2\op_mon.exe" [2008-07-31 1941504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Startup Scan"="c:\progra~1\QUICKH~2\QUICKH~1\Sensor.EXE" [2009-12-15 144760]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^D-Link AirPlus G+ Wireless Adapter Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\D-Link AirPlus G+ Wireless Adapter Utility.lnk
backup=c:\windows\pss\D-Link AirPlus G+ Wireless Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rohit^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\Rohit\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rohit^Start Menu^Programs^Startup^salesdesk.lnk]
path=c:\documents and settings\Rohit\Start Menu\Programs\Startup\salesdesk.lnk
backup=c:\windows\pss\salesdesk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-07 11:25 267064 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 13:20 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rediff Messenger]
2006-04-11 06:56 3041456 ----a-w- c:\program files\Rediff Bol\RediffMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Huawei\\MT841\\dslagent.exe"=
"c:\\Program Files\\Rediff Bol\\RediffMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Rediff Bol\\AppWorkingDir\\Client\\Video\\Talk&See.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wmirpcd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1584:TCP"= 1584:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"1329:TCP"= 1329:TCP:Akamai NetSession Interface
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"2876:TCP"= 2876:TCP:Akamai NetSession Interface
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"1530:TCP"= 1530:TCP:Akamai NetSession Interface
"1933:TCP"= 1933:TCP:Akamai NetSession Interface
"4404:TCP"= 4404:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
"4309:TCP"= 4309:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1299:TCP"= 1299:TCP:Akamai NetSession Interface
"3419:TCP"= 3419:TCP:Akamai NetSession Interface
"3774:TCP"= 3774:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"2157:TCP"= 2157:TCP:Akamai NetSession Interface
"2546:TCP"= 2546:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"2304:TCP"= 2304:TCP:Akamai NetSession Interface
"1236:TCP"= 1236:TCP:Akamai NetSession Interface
"1843:TCP"= 1843:TCP:Akamai NetSession Interface
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"2658:TCP"= 2658:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1463:TCP"= 1463:TCP:Akamai NetSession Interface
"2031:TCP"= 2031:TCP:Akamai NetSession Interface
"1393:TCP"= 1393:TCP:Akamai NetSession Interface
"4592:TCP"= 4592:TCP:Akamai NetSession Interface
"2784:TCP"= 2784:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"2035:TCP"= 2035:TCP:Akamai NetSession Interface
"1338:TCP"= 1338:TCP:Akamai NetSession Interface
"3060:TCP"= 3060:TCP:Akamai NetSession Interface
"3137:TCP"= 3137:TCP:Akamai NetSession Interface
"1172:TCP"= 1172:TCP:Akamai NetSession Interface
"4821:TCP"= 4821:TCP:Akamai NetSession Interface
"4394:TCP"= 4394:TCP:Akamai NetSession Interface
"2354:TCP"= 2354:TCP:Akamai NetSession Interface
"1765:TCP"= 1765:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"1206:TCP"= 1206:TCP:Akamai NetSession Interface
"1296:TCP"= 1296:TCP:Akamai NetSession Interface
"2421:TCP"= 2421:TCP:Akamai NetSession Interface
"2433:TCP"= 2433:TCP:Akamai NetSession Interface
"2736:TCP"= 2736:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"1150:TCP"= 1150:TCP:Akamai NetSession Interface
"1353:TCP"= 1353:TCP:Akamai NetSession Interface
"1401:TCP"= 1401:TCP:Akamai NetSession Interface
"1797:TCP"= 1797:TCP:Akamai NetSession Interface
"1807:TCP"= 1807:TCP:Akamai NetSession Interface
"2480:TCP"= 2480:TCP:Akamai NetSession Interface
"3636:TCP"= 3636:TCP:Akamai NetSession Interface
"3669:TCP"= 3669:TCP:Akamai NetSession Interface
"3796:TCP"= 3796:TCP:Akamai NetSession Interface
"1071:TCP"= 1071:TCP:Akamai NetSession Interface
"1446:TCP"= 1446:TCP:Akamai NetSession Interface
"1622:TCP"= 1622:TCP:Akamai NetSession Interface
"1126:TCP"= 1126:TCP:Akamai NetSession Interface
"3806:TCP"= 3806:TCP:Akamai NetSession Interface
"2066:TCP"= 2066:TCP:Akamai NetSession Interface
"1695:TCP"= 1695:TCP:Akamai NetSession Interface
"3432:TCP"= 3432:TCP:Akamai NetSession Interface
"1920:TCP"= 1920:TCP:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"1263:TCP"= 1263:TCP:Akamai NetSession Interface
"1532:TCP"= 1532:TCP:Akamai NetSession Interface
"3491:TCP"= 3491:TCP:Akamai NetSession Interface
"3504:TCP"= 3504:TCP:Akamai NetSession Interface
"3517:TCP"= 3517:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1114:TCP"= 1114:TCP:Akamai NetSession Interface
"2333:TCP"= 2333:TCP:Akamai NetSession Interface
"2446:TCP"= 2446:TCP:Akamai NetSession Interface
"2459:TCP"= 2459:TCP:Akamai NetSession Interface
"2781:TCP"= 2781:TCP:Akamai NetSession Interface
"3202:TCP"= 3202:TCP:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"2114:TCP"= 2114:TCP:Akamai NetSession Interface
"4294:TCP"= 4294:TCP:Akamai NetSession Interface
"4305:TCP"= 4305:TCP:Akamai NetSession Interface
"4336:TCP"= 4336:TCP:Akamai NetSession Interface
"4367:TCP"= 4367:TCP:Akamai NetSession Interface
"4403:TCP"= 4403:TCP:Akamai NetSession Interface
"1345:TCP"= 1345:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"1286:TCP"= 1286:TCP:Akamai NetSession Interface
"1141:TCP"= 1141:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1323:TCP"= 1323:TCP:Akamai NetSession Interface
"1339:TCP"= 1339:TCP:Akamai NetSession Interface
"2046:TCP"= 2046:TCP:Akamai NetSession Interface
"2061:TCP"= 2061:TCP:Akamai NetSession Interface
"2618:TCP"= 2618:TCP:Akamai NetSession Interface
"2773:TCP"= 2773:TCP:Akamai NetSession Interface
"3351:TCP"= 3351:TCP:Akamai NetSession Interface
"3027:TCP"= 3027:TCP:Akamai NetSession Interface
"3189:TCP"= 3189:TCP:Akamai NetSession Interface
"3204:TCP"= 3204:TCP:Akamai NetSession Interface
"3225:TCP"= 3225:TCP:Akamai NetSession Interface
"1416:TCP"= 1416:TCP:Akamai NetSession Interface
"1427:TCP"= 1427:TCP:Akamai NetSession Interface
"1989:TCP"= 1989:TCP:Akamai NetSession Interface
"4729:TCP"= 4729:TCP:Akamai NetSession Interface
"1365:TCP"= 1365:TCP:Akamai NetSession Interface
"1697:TCP"= 1697:TCP:Akamai NetSession Interface
"1711:TCP"= 1711:TCP:Akamai NetSession Interface
"1727:TCP"= 1727:TCP:Akamai NetSession Interface
"2041:TCP"= 2041:TCP:Akamai NetSession Interface
"2053:TCP"= 2053:TCP:Akamai NetSession Interface
"2064:TCP"= 2064:TCP:Akamai NetSession Interface
"2077:TCP"= 2077:TCP:Akamai NetSession Interface
"2088:TCP"= 2088:TCP:Akamai NetSession Interface
"2098:TCP"= 2098:TCP:Akamai NetSession Interface
"2123:TCP"= 2123:TCP:Akamai NetSession Interface
"2133:TCP"= 2133:TCP:Akamai NetSession Interface
"2143:TCP"= 2143:TCP:Akamai NetSession Interface
"2167:TCP"= 2167:TCP:Akamai NetSession Interface
"2184:TCP"= 2184:TCP:Akamai NetSession Interface
"2195:TCP"= 2195:TCP:Akamai NetSession Interface
"2212:TCP"= 2212:TCP:Akamai NetSession Interface
"2222:TCP"= 2222:TCP:Akamai NetSession Interface
"2245:TCP"= 2245:TCP:Akamai NetSession Interface
"2318:TCP"= 2318:TCP:Akamai NetSession Interface
"2329:TCP"= 2329:TCP:Akamai NetSession Interface
"2342:TCP"= 2342:TCP:Akamai NetSession Interface
"2355:TCP"= 2355:TCP:Akamai NetSession Interface
"2366:TCP"= 2366:TCP:Akamai NetSession Interface
"2377:TCP"= 2377:TCP:Akamai NetSession Interface
"1817:TCP"= 1817:TCP:Akamai NetSession Interface
"1827:TCP"= 1827:TCP:Akamai NetSession Interface
"1845:TCP"= 1845:TCP:Akamai NetSession Interface
"1856:TCP"= 1856:TCP:Akamai NetSession Interface
"1866:TCP"= 1866:TCP:Akamai NetSession Interface
"1878:TCP"= 1878:TCP:Akamai NetSession Interface
"1431:TCP"= 1431:TCP:Akamai NetSession Interface
"1636:TCP"= 1636:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"2835:TCP"= 2835:TCP:Akamai NetSession Interface
"2890:TCP"= 2890:TCP:Akamai NetSession Interface
"2838:TCP"= 2838:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1501:TCP"= 1501:TCP:Akamai NetSession Interface
"1607:TCP"= 1607:TCP:Akamai NetSession Interface
"1647:TCP"= 1647:TCP:Akamai NetSession Interface
"1214:TCP"= 1214:TCP:Akamai NetSession Interface
"3472:TCP"= 3472:TCP:Akamai NetSession Interface
"3535:TCP"= 3535:TCP:Akamai NetSession Interface
"3576:TCP"= 3576:TCP:Akamai NetSession Interface
"3671:TCP"= 3671:TCP:Akamai NetSession Interface
"3741:TCP"= 3741:TCP:Akamai NetSession Interface
"3801:TCP"= 3801:TCP:Akamai NetSession Interface
"3953:TCP"= 3953:TCP:Akamai NetSession Interface
"4466:TCP"= 4466:TCP:Akamai NetSession Interface
"2043:TCP"= 2043:TCP:Akamai NetSession Interface
"2102:TCP"= 2102:TCP:Akamai NetSession Interface
"2623:TCP"= 2623:TCP:Akamai NetSession Interface
"3012:TCP"= 3012:TCP:Akamai NetSession Interface
"2923:TCP"= 2923:TCP:Akamai NetSession Interface
"3111:TCP"= 3111:TCP:Akamai NetSession Interface
"1678:TCP"= 1678:TCP:Akamai NetSession Interface
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"3547:TCP"= 3547:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"2023:TCP"= 2023:TCP:Akamai NetSession Interface
"1360:TCP"= 1360:TCP:Akamai NetSession Interface
"3864:TCP"= 3864:TCP:Akamai NetSession Interface
"1461:TCP"= 1461:TCP:Akamai NetSession Interface
"4599:TCP"= 4599:TCP:Akamai NetSession Interface
"2052:TCP"= 2052:TCP:Akamai NetSession Interface
"1083:TCP"= 1083:TCP:Akamai NetSession Interface
"1096:TCP"= 1096:TCP:Akamai NetSession Interface
"2038:TCP"= 2038:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"1383:TCP"= 1383:TCP:Akamai NetSession Interface
"3464:TCP"= 3464:TCP:Akamai NetSession Interface
"1747:TCP"= 1747:TCP:Akamai NetSession Interface
"2586:TCP"= 2586:TCP:Akamai NetSession Interface
"4422:TCP"= 4422:TCP:Akamai NetSession Interface
"3829:TCP"= 3829:TCP:Akamai NetSession Interface
"4624:TCP"= 4624:TCP:Akamai NetSession Interface
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"1316:TCP"= 1316:TCP:Akamai NetSession Interface
"1757:TCP"= 1757:TCP:Akamai NetSession Interface
"2409:TCP"= 2409:TCP:Akamai NetSession Interface
"2588:TCP"= 2588:TCP:Akamai NetSession Interface
"2649:TCP"= 2649:TCP:Akamai NetSession Interface
"1503:TCP"= 1503:TCP:Akamai NetSession Interface
"2107:TCP"= 2107:TCP:Akamai NetSession Interface
"2953:TCP"= 2953:TCP:Akamai NetSession Interface
"1613:TCP"= 1613:TCP:Akamai NetSession Interface
"1905:TCP"= 1905:TCP:Akamai NetSession Interface
"2385:TCP"= 2385:TCP:Akamai NetSession Interface
"3287:TCP"= 3287:TCP:Akamai NetSession Interface
"3820:TCP"= 3820:TCP:Akamai NetSession Interface
"2656:TCP"= 2656:TCP:Akamai NetSession Interface
"1445:TCP"= 1445:TCP:Akamai NetSession Interface
"3320:TCP"= 3320:TCP:Akamai NetSession Interface
"4269:TCP"= 4269:TCP:Akamai NetSession Interface
"1382:TCP"= 1382:TCP:Akamai NetSession Interface
"2475:TCP"= 2475:TCP:Akamai NetSession Interface
"1522:TCP"= 1522:TCP:Akamai NetSession Interface
"2138:TCP"= 2138:TCP:Akamai NetSession Interface
"2858:TCP"= 2858:TCP:Akamai NetSession Interface
"1689:TCP"= 1689:TCP:Akamai NetSession Interface
"2435:TCP"= 2435:TCP:Akamai NetSession Interface
"2639:TCP"= 2639:TCP:Akamai NetSession Interface
"3505:TCP"= 3505:TCP:Akamai NetSession Interface
"1402:TCP"= 1402:TCP:Akamai NetSession Interface
"1424:TCP"= 1424:TCP:Akamai NetSession Interface
"2134:TCP"= 2134:TCP:Akamai NetSession Interface
"2442:TCP"= 2442:TCP:Akamai NetSession Interface
"1108:TCP"= 1108:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1220:TCP"= 1220:TCP:Akamai NetSession Interface
"1682:TCP"= 1682:TCP:Akamai NetSession Interface
"1534:TCP"= 1534:TCP:Akamai NetSession Interface
"1568:TCP"= 1568:TCP:Akamai NetSession Interface
"1459:TCP"= 1459:TCP:Akamai NetSession Interface
"1582:TCP"= 1582:TCP:Akamai NetSession Interface
"1884:TCP"= 1884:TCP:Akamai NetSession Interface
"3158:TCP"= 3158:TCP:Akamai NetSession Interface
"3285:TCP"= 3285:TCP:Akamai NetSession Interface
"3549:TCP"= 3549:TCP:Akamai NetSession Interface
"1326:TCP"= 1326:TCP:Akamai NetSession Interface
"1231:TCP"= 1231:TCP:Akamai NetSession Interface
"1614:TCP"= 1614:TCP:Akamai NetSession Interface
"1073:TCP"= 1073:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1617:TCP"= 1617:TCP:Akamai NetSession Interface
"2650:TCP"= 2650:TCP:Akamai NetSession Interface
"2776:TCP"= 2776:TCP:Akamai NetSession Interface
"2895:TCP"= 2895:TCP:Akamai NetSession Interface
"3019:TCP"= 3019:TCP:Akamai NetSession Interface
"3293:TCP"= 3293:TCP:Akamai NetSession Interface
"3334:TCP"= 3334:TCP:Akamai NetSession Interface
"3377:TCP"= 3377:TCP:Akamai NetSession Interface
"3595:TCP"= 3595:TCP:Akamai NetSession Interface
"1066:TCP"= 1066:TCP:Akamai NetSession Interface
"1702:TCP"= 1702:TCP:Akamai NetSession Interface
"1805:TCP"= 1805:TCP:Akamai NetSession Interface
"1957:TCP"= 1957:TCP:Akamai NetSession Interface
"2282:TCP"= 2282:TCP:Akamai NetSession Interface
"2525:TCP"= 2525:TCP:Akamai NetSession Interface
"1243:TCP"= 1243:TCP:Akamai NetSession Interface
"1318:TCP"= 1318:TCP:Akamai NetSession Interface
"1347:TCP"= 1347:TCP:Akamai NetSession Interface
"1368:TCP"= 1368:TCP:Akamai NetSession Interface
"1395:TCP"= 1395:TCP:Akamai NetSession Interface
"1407:TCP"= 1407:TCP:Akamai NetSession Interface
"1468:TCP"= 1468:TCP:Akamai NetSession Interface
"1551:TCP"= 1551:TCP:Akamai NetSession Interface
"1737:TCP"= 1737:TCP:Akamai NetSession Interface
"1836:TCP"= 1836:TCP:Akamai NetSession Interface
"1899:TCP"= 1899:TCP:Akamai NetSession Interface
"1521:TCP"= 1521:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1366:TCP"= 1366:TCP:Akamai NetSession Interface
"1396:TCP"= 1396:TCP:Akamai NetSession Interface
"1772:TCP"= 1772:TCP:Akamai NetSession Interface
"1305:TCP"= 1305:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"2735:TCP"= 2735:TCP:Akamai NetSession Interface
"2324:TCP"= 2324:TCP:Akamai NetSession Interface
"1408:TCP"= 1408:TCP:Akamai NetSession Interface
"1751:TCP"= 1751:TCP:Akamai NetSession Interface
"2137:TCP"= 2137:TCP:Akamai NetSession Interface
"3885:TCP"= 3885:TCP:Akamai NetSession Interface
"2724:TCP"= 2724:TCP:Akamai NetSession Interface
"3180:TCP"= 3180:TCP:Akamai NetSession Interface
"4952:TCP"= 4952:TCP:Akamai NetSession Interface
"1106:TCP"= 1106:TCP:Akamai NetSession Interface
"3966:TCP"= 3966:TCP:Akamai NetSession Interface
"7025:TCP"= 7025:TCP:oeidwz

R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [1/13/2005 8:44 AM 20480]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/16/2009 12:56 AM 673920]
R2 acssrv;Quick Heal Client Security Service;c:\progra~1\QUICKH~2\QUICKH~2\acs.exe [12/16/2009 12:55 AM 1224704]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [12/16/2009 12:53 AM 65016]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [12/16/2009 12:53 AM 28656]
R2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~2\QUICKH~1\opssvc.exe [12/16/2009 12:53 AM 17272]
R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;c:\progra~1\QUICKH~2\QUICKH~1\EMLPROXY.EXE [12/16/2009 12:53 AM 50552]
R2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~2\QUICKH~1\quhlpsvc.exe [12/16/2009 12:53 AM 58744]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/16/2009 12:56 AM 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/16/2009 12:57 AM 234640]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [10/21/2008 2:30 PM 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [10/21/2008 2:30 PM 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [10/21/2008 2:30 PM 60416]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Rohit\Desktop\virus protection\super antispyware\SASDIFSV.SYS --> c:\documents and settings\Rohit\Desktop\virus protection\super antispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\All Users.WINDOWS\Desktop\SASKUTIL.sys --> c:\documents and settings\All Users.WINDOWS\Desktop\SASKUTIL.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/12/2005 4:56 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 4:08 PM 133104]
S2 gwgtie;Boot System;c:\windows\system32\svchost.exe -k netsvcs [1/12/2005 4:56 AM 14336]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\System32\drivers\ASUSHWIO.sys --> c:\windows\System32\drivers\ASUSHWIO.sys [?]
S3 kernelx86;Kernel Debug Service;\??\c:\windows\system32\drivers\kernelx86.sys --> c:\windows\system32\drivers\kernelx86.sys [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\All Users.WINDOWS\Desktop\SASENUM.SYS --> c:\documents and settings\All Users.WINDOWS\Desktop\SASENUM.SYS [?]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\drivers\GPLUS.sys [9/25/2005 3:49 PM 283392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gwgtie
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {BC932995-54C4-47DE-A831-A190379746C1} = 202.54.10.9 202.54.29.5
TCP: {D906B516-D0B7-4A00-82E9-F82E69A966B2} = 202.54.10.2,203.197.12.42
FF - ProfilePath - c:\documents and settings\Rohit\Application Data\Mozilla\Firefox\Profiles\ctie2vkh.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-rmiybqql.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gwgtie]
"ServiceDll"="c:\windows\system32\kxbvcgv.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3509A1A3-B52A-B6F6-4F2F-526700056BCB}]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
@="Class"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3509A1A3-B52A-B6F6-4F2F-526700056BCB}\Data\MD]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"Data04"=dword:00003482
"Data05"=dword:00000000
"Data0C"=dword:00000708
"Data0E"=dword:00000258
"Data0F"=dword:00000384
"Data10"=dword:00000000
"Data11"=dword:00000000
"Data12"=dword:00000000
"Data13"=dword:00000014
"Data14"=dword:00000258
"Data15"=dword:00002a30
"Data16"=dword:00000258
"Data0D"=dword:00000708
"Data17"=dword:00000000
"Data18"=dword:00000000
"Data19"=dword:00000000
"Data1A"=dword:00000000
"Data21"=dword:00000000
"Data22"=dword:00000001
"Data23"=dword:00000005
"Data24"=dword:00000000
"Data27"=dword:00000004
"Data28"=dword:00000004
"Data29"=dword:00000004
"Data2A"=dword:00000004
"Data00"=dword:00000000
"Data01"=dword:00000000
"Data02"=dword:00003482
"Data09"=dword:00000000
"Data80"="($\14ÿ˜\1f\0fG ¢‡tñÝÄÁì\12\0eû."
"Data85"="XTD¯iN>åÞÆ²4Ü\02ýl\1e"
"Data86"="HD³ŸY>®ÛÈÅ(\1d\06ñdaSü¡‹="
"Data87"="8³£I®žÂ·.\1d\06ñgd@ü¡‹="
"Data82"="\08\04Ò`\1aþn–‚{îãÇ}\"\1e\0c½fR\0d?¦ž"
"Data83"="÷ÒdP\0an^–†öÅ» \"\07ùh]\0d=£¢MuáœÎ¶."
"Data84"="ÆdT@y^N†òÒÑ´6Ü\02ýl\1eVBlž†~"
"Data88"="§£“¹žŽÂ+\1e\16ú-RN<m¥ŠwìÙŒ¾&\1e"
"Data89"="—“ƒï©Ž~2\1b\0e\06k\1dB>«]•zçÜÉ|.\16\0e"
"Data8A"="‡ƒóß™~í&\0býv\1dM4²]•z°œÎ¶."
"Data8B"="wóãÏ‰íÝ\01\02sdB:lœƒ‚ÐÑ|.\16\0e"
"Data8C"="çãÓ¿øÝÍ\06rRQ4µ\\}ëÁ½+\1b\0dû-bC;™~â›Íµ-"
"Data8D"="×ÓÃ/èÍ½rW@1§¢L|ãâÁ&Û\0eõn"
"Data8E"="´\0aüíåM"
"Data8F"="·3#\0fÈ.\1eAB²£y¬ÜÃÂì!\0a»nVN"
"Data91"="\17\13\03o)\0eý¥‘Š}òÖŒ±-\1bÌóe\1cN6"
"Data92"="\07\03s_\19ým¥Š}õœÌ³2Ü\01ük[M<l•†{ñÌÇÀê\1d\05ü"
"Data1B"=dword:00000000
"Data1D"=dword:00000000
"Data25"=dword:00000000
"Data1C"=dword:00000000
"Data1E"=dword:00000000
"Data26"=dword:00000001
"Data2B"=dword:00000000
"Data2C"=dword:00000000
"Data2D"=dword:00000000
"Data2E"=dword:00000000
"Data20"=dword:000618fc
"Data0A"=dword:00003482
"Data0B"=dword:00000000
"Data90"="8\10\07ýn\10\0b:¦ˆ:â×Ñ±3!\11¹qSVGi”‰|ßÎÉ¶7\0e\11õl[\09"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\oyopu.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Microsoft\jfkrs]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"{3509A1A3-B52A-B6F6-4F2F-526700056BCB}"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\pjaou]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1716)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\progra~1\QUICKH~2\QUICKH~1\scanwscs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Billion\ADSL USB Modem\CnxDslTb.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\progra~1\QUICKH~2\QUICKH~1\OnlineNT.EXE
.
**************************************************************************
.
Completion time: 2009-12-21 22:20:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 16:50
ComboFix2.txt 2009-12-20 14:37
ComboFix3.txt 2009-12-18 07:22
ComboFix4.txt 2009-05-01 10:29

Pre-Run: 51,287,798,784 bytes free
Post-Run: 51,267,262,976 bytes free

- - End Of File - - 485BC9462530B13D9FB3763F3A8ED039

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 12/22/2009 10:42 AM (GMT +3)

Open notepad and copy/paste the text in the codebox below into it:

Name the file as CFScript
and Save it on the desktop.

Killall::
Snapshot::
Rootkit::
c:\windows\system32\kxbvcgv.dll
c:\WINDOWS\system32\oyopu.dll
Registry-clean::
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gwgtie]
Reglockdel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
@=-

Once saved drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply

Please read: Forum Rules

Click: Before-posting-a-log

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/22/2009 1:18 PM (GMT +3)

I have done as u asked me to do. The following is the combofix log file.

ComboFix 09-12-21.04 - Rohit 12/22/2009 15:19:07.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.231 [GMT 5.5:30]
Running from: c:\documents and settings\Rohit\Desktop\KittyFix.exe
Command switches used :: c:\documents and settings\Rohit\Desktop\CFScript.txt
AV: Quick Heal 10.00 *On-access scanning disabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
FW: Quick Heal Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_eokztv
-------\Legacy_gwgtie
-------\Service_eokztv
-------\Service_gwgtie

((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-20 14:51 . 2009-12-20 14:51 18864 ----a-w- c:\documents and settings\Rohit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-20 14:47 . 2009-12-20 14:47 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Identities
2009-12-20 14:06 . 2009-12-20 14:06 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\WinZip
2009-12-20 07:50 . 2009-12-20 07:57 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Temp
2009-12-18 18:08 . 2009-12-18 18:08 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Yahoo
2009-12-18 10:26 . 2009-12-18 17:53 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Google
2009-12-18 10:07 . 2009-12-18 10:07 -------- d-----w- c:\documents and settings\Rohit\Application Data\PC Suite
2009-12-18 10:00 . 2009-12-18 10:00 -------- d-----w- c:\documents and settings\Rohit\Local Settings\Application Data\Mozilla
2009-12-18 09:48 . 2009-12-18 09:48 574 ----a-w- C:\cleanup.bat
2009-12-18 09:48 . 2009-12-18 09:48 135168 ----a-w- C:\zip.exe
2009-12-18 08:27 . 2009-12-18 08:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-12-17 17:21 . 2009-12-03 10:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 17:21 . 2009-12-03 10:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 17:21 . 2009-12-17 17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 19:27 . 2008-06-30 11:46 234640 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-12-15 19:26 . 2008-07-11 10:11 673920 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-12-15 19:26 . 2008-06-30 11:46 30864 ----a-w- c:\windows\system32\drivers\afw.sys
2009-12-15 19:25 . 2009-12-15 19:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Quick Heal
2009-12-15 19:23 . 2009-12-15 19:23 28656 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2009-12-15 19:23 . 2009-12-15 19:23 65016 ----a-w- c:\windows\system32\drivers\catflt.sys
2009-12-15 19:23 . 2009-12-15 19:25 -------- d-----w- c:\program files\Quick Heal
2009-12-11 17:45 . 2009-12-11 17:46 -------- d-----w- c:\program files\Quick Heal PCTuner
2009-12-05 21:47 . 2009-12-05 21:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-12-03 06:48 . 2009-12-03 06:48 6144 ---ha-w- c:\documents and settings\NetworkService\tjvquhv.exe
2009-12-03 06:48 . 2009-12-03 06:48 212994 --sh--r- c:\windows\system32\wmirpcd.exe
2009-12-02 11:18 . 2009-12-17 23:10 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 08:01 . 2006-02-01 15:41 -------- d-----w- c:\program files\Google
2009-12-17 23:10 . 2006-07-28 17:57 -------- d-----w- c:\program files\Java
2009-12-17 22:38 . 2009-07-15 07:46 -------- d-----w- c:\program files\Fake Webcam
2009-12-02 09:04 . 2007-01-11 17:49 -------- d-----w- c:\program files\FlashGet
2009-11-02 23:25 . 2006-11-01 14:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Metacafe
2009-10-04 14:09 . 2009-10-04 14:09 95232 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-04 14:09 . 2009-10-04 14:09 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-04 14:09 . 2009-10-04 14:09 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-04 14:09 . 2009-10-04 14:09 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-04 14:08 . 2009-10-04 14:10 33773208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
2009-10-04 13:16 . 2009-07-26 14:53 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-04 13:16 . 2009-07-26 14:53 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-04 13:16 . 2009-07-26 14:53 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2005-01-11 23:16 . 2002-01-01 02:40 21952 -c-ha-w- c:\program files\folder.htt
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2005-05-25 . 228B0385BBFCA24332FA22DB45A8B684 . 339968 . . [5.1.2600.1693] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tcpip.sys
[7] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893066_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Billion\ADSL USB Modem\CnxDslTb.exe Billion\ADSL USB Modem" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-08-02 86016]
"DSLAGENTEXE"="c:\program files\Huawei\MT841\dslagent.exe" [2004-08-25 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-23 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Email Protection"="c:\progra~1\QUICKH~2\QUICKH~1\EMLPROUI.EXE" [2009-12-15 267640]
"Update Scheduler"="c:\progra~1\QUICKH~2\QUICKH~1\UPSCHD.EXE" [2009-12-15 95608]
"On-Line Protection"="c:\progra~1\QUICKH~2\QUICKH~1\cateye.exe" [2009-12-15 206200]
"Startup Scan"="c:\progra~1\QUICKH~2\QUICKH~1\Sensor.EXE" [2009-12-15 144760]
"ResumeQuickupDownload"="c:\progra~1\QUICKH~2\QUICKH~1\acappaa.exe" [2009-12-15 95608]
"Quick Heal Monitor"="c:\progra~1\QUICKH~2\QUICKH~2\op_mon.exe" [2008-07-31 1941504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Startup Scan"="c:\progra~1\QUICKH~2\QUICKH~1\Sensor.EXE" [2009-12-15 144760]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^D-Link AirPlus G+ Wireless Adapter Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\D-Link AirPlus G+ Wireless Adapter Utility.lnk
backup=c:\windows\pss\D-Link AirPlus G+ Wireless Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rohit^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\Rohit\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rohit^Start Menu^Programs^Startup^salesdesk.lnk]
path=c:\documents and settings\Rohit\Start Menu\Programs\Startup\salesdesk.lnk
backup=c:\windows\pss\salesdesk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-07 11:25 267064 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 13:20 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rediff Messenger]
2006-04-11 06:56 3041456 ----a-w- c:\program files\Rediff Bol\RediffMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Huawei\\MT841\\dslagent.exe"=
"c:\\Program Files\\Rediff Bol\\RediffMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Rediff Bol\\AppWorkingDir\\Client\\Video\\Talk&See.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wmirpcd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1584:TCP"= 1584:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"1329:TCP"= 1329:TCP:Akamai NetSession Interface
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"2876:TCP"= 2876:TCP:Akamai NetSession Interface
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"1530:TCP"= 1530:TCP:Akamai NetSession Interface
"1933:TCP"= 1933:TCP:Akamai NetSession Interface
"4404:TCP"= 4404:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
"4309:TCP"= 4309:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1299:TCP"= 1299:TCP:Akamai NetSession Interface
"3419:TCP"= 3419:TCP:Akamai NetSession Interface
"3774:TCP"= 3774:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"2157:TCP"= 2157:TCP:Akamai NetSession Interface
"2546:TCP"= 2546:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"2304:TCP"= 2304:TCP:Akamai NetSession Interface
"1236:TCP"= 1236:TCP:Akamai NetSession Interface
"1843:TCP"= 1843:TCP:Akamai NetSession Interface
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"2658:TCP"= 2658:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1463:TCP"= 1463:TCP:Akamai NetSession Interface
"2031:TCP"= 2031:TCP:Akamai NetSession Interface
"1393:TCP"= 1393:TCP:Akamai NetSession Interface
"4592:TCP"= 4592:TCP:Akamai NetSession Interface
"2784:TCP"= 2784:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"2035:TCP"= 2035:TCP:Akamai NetSession Interface
"1338:TCP"= 1338:TCP:Akamai NetSession Interface
"3060:TCP"= 3060:TCP:Akamai NetSession Interface
"3137:TCP"= 3137:TCP:Akamai NetSession Interface
"1172:TCP"= 1172:TCP:Akamai NetSession Interface
"4821:TCP"= 4821:TCP:Akamai NetSession Interface
"4394:TCP"= 4394:TCP:Akamai NetSession Interface
"2354:TCP"= 2354:TCP:Akamai NetSession Interface
"1765:TCP"= 1765:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"1206:TCP"= 1206:TCP:Akamai NetSession Interface
"1296:TCP"= 1296:TCP:Akamai NetSession Interface
"2421:TCP"= 2421:TCP:Akamai NetSession Interface
"2433:TCP"= 2433:TCP:Akamai NetSession Interface
"2736:TCP"= 2736:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"1150:TCP"= 1150:TCP:Akamai NetSession Interface
"1353:TCP"= 1353:TCP:Akamai NetSession Interface
"1401:TCP"= 1401:TCP:Akamai NetSession Interface
"1797:TCP"= 1797:TCP:Akamai NetSession Interface
"1807:TCP"= 1807:TCP:Akamai NetSession Interface
"2480:TCP"= 2480:TCP:Akamai NetSession Interface
"3636:TCP"= 3636:TCP:Akamai NetSession Interface
"3669:TCP"= 3669:TCP:Akamai NetSession Interface
"3796:TCP"= 3796:TCP:Akamai NetSession Interface
"1071:TCP"= 1071:TCP:Akamai NetSession Interface
"1446:TCP"= 1446:TCP:Akamai NetSession Interface
"1622:TCP"= 1622:TCP:Akamai NetSession Interface
"1126:TCP"= 1126:TCP:Akamai NetSession Interface
"3806:TCP"= 3806:TCP:Akamai NetSession Interface
"2066:TCP"= 2066:TCP:Akamai NetSession Interface
"1695:TCP"= 1695:TCP:Akamai NetSession Interface
"3432:TCP"= 3432:TCP:Akamai NetSession Interface
"1920:TCP"= 1920:TCP:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"1263:TCP"= 1263:TCP:Akamai NetSession Interface
"1532:TCP"= 1532:TCP:Akamai NetSession Interface
"3491:TCP"= 3491:TCP:Akamai NetSession Interface
"3504:TCP"= 3504:TCP:Akamai NetSession Interface
"3517:TCP"= 3517:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1114:TCP"= 1114:TCP:Akamai NetSession Interface
"2333:TCP"= 2333:TCP:Akamai NetSession Interface
"2446:TCP"= 2446:TCP:Akamai NetSession Interface
"2459:TCP"= 2459:TCP:Akamai NetSession Interface
"2781:TCP"= 2781:TCP:Akamai NetSession Interface
"3202:TCP"= 3202:TCP:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"2114:TCP"= 2114:TCP:Akamai NetSession Interface
"4294:TCP"= 4294:TCP:Akamai NetSession Interface
"4305:TCP"= 4305:TCP:Akamai NetSession Interface
"4336:TCP"= 4336:TCP:Akamai NetSession Interface
"4367:TCP"= 4367:TCP:Akamai NetSession Interface
"4403:TCP"= 4403:TCP:Akamai NetSession Interface
"1345:TCP"= 1345:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"1286:TCP"= 1286:TCP:Akamai NetSession Interface
"1141:TCP"= 1141:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1323:TCP"= 1323:TCP:Akamai NetSession Interface
"1339:TCP"= 1339:TCP:Akamai NetSession Interface
"2046:TCP"= 2046:TCP:Akamai NetSession Interface
"2061:TCP"= 2061:TCP:Akamai NetSession Interface
"2618:TCP"= 2618:TCP:Akamai NetSession Interface
"2773:TCP"= 2773:TCP:Akamai NetSession Interface
"3351:TCP"= 3351:TCP:Akamai NetSession Interface
"3027:TCP"= 3027:TCP:Akamai NetSession Interface
"3189:TCP"= 3189:TCP:Akamai NetSession Interface
"3204:TCP"= 3204:TCP:Akamai NetSession Interface
"3225:TCP"= 3225:TCP:Akamai NetSession Interface
"1416:TCP"= 1416:TCP:Akamai NetSession Interface
"1427:TCP"= 1427:TCP:Akamai NetSession Interface
"1989:TCP"= 1989:TCP:Akamai NetSession Interface
"4729:TCP"= 4729:TCP:Akamai NetSession Interface
"1365:TCP"= 1365:TCP:Akamai NetSession Interface
"1697:TCP"= 1697:TCP:Akamai NetSession Interface
"1711:TCP"= 1711:TCP:Akamai NetSession Interface
"1727:TCP"= 1727:TCP:Akamai NetSession Interface
"2041:TCP"= 2041:TCP:Akamai NetSession Interface
"2053:TCP"= 2053:TCP:Akamai NetSession Interface
"2064:TCP"= 2064:TCP:Akamai NetSession Interface
"2077:TCP"= 2077:TCP:Akamai NetSession Interface
"2088:TCP"= 2088:TCP:Akamai NetSession Interface
"2098:TCP"= 2098:TCP:Akamai NetSession Interface
"2123:TCP"= 2123:TCP:Akamai NetSession Interface
"2133:TCP"= 2133:TCP:Akamai NetSession Interface
"2143:TCP"= 2143:TCP:Akamai NetSession Interface
"2167:TCP"= 2167:TCP:Akamai NetSession Interface
"2184:TCP"= 2184:TCP:Akamai NetSession Interface
"2195:TCP"= 2195:TCP:Akamai NetSession Interface
"2212:TCP"= 2212:TCP:Akamai NetSession Interface
"2222:TCP"= 2222:TCP:Akamai NetSession Interface
"2245:TCP"= 2245:TCP:Akamai NetSession Interface
"2318:TCP"= 2318:TCP:Akamai NetSession Interface
"2329:TCP"= 2329:TCP:Akamai NetSession Interface
"2342:TCP"= 2342:TCP:Akamai NetSession Interface
"2355:TCP"= 2355:TCP:Akamai NetSession Interface
"2366:TCP"= 2366:TCP:Akamai NetSession Interface
"2377:TCP"= 2377:TCP:Akamai NetSession Interface
"1817:TCP"= 1817:TCP:Akamai NetSession Interface
"1827:TCP"= 1827:TCP:Akamai NetSession Interface
"1845:TCP"= 1845:TCP:Akamai NetSession Interface
"1856:TCP"= 1856:TCP:Akamai NetSession Interface
"1866:TCP"= 1866:TCP:Akamai NetSession Interface
"1878:TCP"= 1878:TCP:Akamai NetSession Interface
"1431:TCP"= 1431:TCP:Akamai NetSession Interface
"1636:TCP"= 1636:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"2835:TCP"= 2835:TCP:Akamai NetSession Interface
"2890:TCP"= 2890:TCP:Akamai NetSession Interface
"2838:TCP"= 2838:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1501:TCP"= 1501:TCP:Akamai NetSession Interface
"1607:TCP"= 1607:TCP:Akamai NetSession Interface
"1647:TCP"= 1647:TCP:Akamai NetSession Interface
"1214:TCP"= 1214:TCP:Akamai NetSession Interface
"3472:TCP"= 3472:TCP:Akamai NetSession Interface
"3535:TCP"= 3535:TCP:Akamai NetSession Interface
"3576:TCP"= 3576:TCP:Akamai NetSession Interface
"3671:TCP"= 3671:TCP:Akamai NetSession Interface
"3741:TCP"= 3741:TCP:Akamai NetSession Interface
"3801:TCP"= 3801:TCP:Akamai NetSession Interface
"3953:TCP"= 3953:TCP:Akamai NetSession Interface
"4466:TCP"= 4466:TCP:Akamai NetSession Interface
"2043:TCP"= 2043:TCP:Akamai NetSession Interface
"2102:TCP"= 2102:TCP:Akamai NetSession Interface
"2623:TCP"= 2623:TCP:Akamai NetSession Interface
"3012:TCP"= 3012:TCP:Akamai NetSession Interface
"2923:TCP"= 2923:TCP:Akamai NetSession Interface
"3111:TCP"= 3111:TCP:Akamai NetSession Interface
"1678:TCP"= 1678:TCP:Akamai NetSession Interface
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"3547:TCP"= 3547:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"2023:TCP"= 2023:TCP:Akamai NetSession Interface
"1360:TCP"= 1360:TCP:Akamai NetSession Interface
"3864:TCP"= 3864:TCP:Akamai NetSession Interface
"1461:TCP"= 1461:TCP:Akamai NetSession Interface
"4599:TCP"= 4599:TCP:Akamai NetSession Interface
"2052:TCP"= 2052:TCP:Akamai NetSession Interface
"1083:TCP"= 1083:TCP:Akamai NetSession Interface
"1096:TCP"= 1096:TCP:Akamai NetSession Interface
"2038:TCP"= 2038:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"1383:TCP"= 1383:TCP:Akamai NetSession Interface
"3464:TCP"= 3464:TCP:Akamai NetSession Interface
"1747:TCP"= 1747:TCP:Akamai NetSession Interface
"2586:TCP"= 2586:TCP:Akamai NetSession Interface
"4422:TCP"= 4422:TCP:Akamai NetSession Interface
"3829:TCP"= 3829:TCP:Akamai NetSession Interface
"4624:TCP"= 4624:TCP:Akamai NetSession Interface
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"1316:TCP"= 1316:TCP:Akamai NetSession Interface
"1757:TCP"= 1757:TCP:Akamai NetSession Interface
"2409:TCP"= 2409:TCP:Akamai NetSession Interface
"2588:TCP"= 2588:TCP:Akamai NetSession Interface
"2649:TCP"= 2649:TCP:Akamai NetSession Interface
"1503:TCP"= 1503:TCP:Akamai NetSession Interface
"2107:TCP"= 2107:TCP:Akamai NetSession Interface
"2953:TCP"= 2953:TCP:Akamai NetSession Interface
"1613:TCP"= 1613:TCP:Akamai NetSession Interface
"1905:TCP"= 1905:TCP:Akamai NetSession Interface
"2385:TCP"= 2385:TCP:Akamai NetSession Interface
"3287:TCP"= 3287:TCP:Akamai NetSession Interface
"3820:TCP"= 3820:TCP:Akamai NetSession Interface
"2656:TCP"= 2656:TCP:Akamai NetSession Interface
"1445:TCP"= 1445:TCP:Akamai NetSession Interface
"3320:TCP"= 3320:TCP:Akamai NetSession Interface
"4269:TCP"= 4269:TCP:Akamai NetSession Interface
"1382:TCP"= 1382:TCP:Akamai NetSession Interface
"2475:TCP"= 2475:TCP:Akamai NetSession Interface
"1522:TCP"= 1522:TCP:Akamai NetSession Interface
"2138:TCP"= 2138:TCP:Akamai NetSession Interface
"2858:TCP"= 2858:TCP:Akamai NetSession Interface
"1689:TCP"= 1689:TCP:Akamai NetSession Interface
"2435:TCP"= 2435:TCP:Akamai NetSession Interface
"2639:TCP"= 2639:TCP:Akamai NetSession Interface
"3505:TCP"= 3505:TCP:Akamai NetSession Interface
"1402:TCP"= 1402:TCP:Akamai NetSession Interface
"1424:TCP"= 1424:TCP:Akamai NetSession Interface
"2134:TCP"= 2134:TCP:Akamai NetSession Interface
"2442:TCP"= 2442:TCP:Akamai NetSession Interface
"1108:TCP"= 1108:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1220:TCP"= 1220:TCP:Akamai NetSession Interface
"1682:TCP"= 1682:TCP:Akamai NetSession Interface
"1534:TCP"= 1534:TCP:Akamai NetSession Interface
"1568:TCP"= 1568:TCP:Akamai NetSession Interface
"1459:TCP"= 1459:TCP:Akamai NetSession Interface
"1582:TCP"= 1582:TCP:Akamai NetSession Interface
"1884:TCP"= 1884:TCP:Akamai NetSession Interface
"3158:TCP"= 3158:TCP:Akamai NetSession Interface
"3285:TCP"= 3285:TCP:Akamai NetSession Interface
"3549:TCP"= 3549:TCP:Akamai NetSession Interface
"1326:TCP"= 1326:TCP:Akamai NetSession Interface
"1231:TCP"= 1231:TCP:Akamai NetSession Interface
"1614:TCP"= 1614:TCP:Akamai NetSession Interface
"1073:TCP"= 1073:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1617:TCP"= 1617:TCP:Akamai NetSession Interface
"2650:TCP"= 2650:TCP:Akamai NetSession Interface
"2776:TCP"= 2776:TCP:Akamai NetSession Interface
"2895:TCP"= 2895:TCP:Akamai NetSession Interface
"3019:TCP"= 3019:TCP:Akamai NetSession Interface
"3293:TCP"= 3293:TCP:Akamai NetSession Interface
"3334:TCP"= 3334:TCP:Akamai NetSession Interface
"3377:TCP"= 3377:TCP:Akamai NetSession Interface
"3595:TCP"= 3595:TCP:Akamai NetSession Interface
"1066:TCP"= 1066:TCP:Akamai NetSession Interface
"1702:TCP"= 1702:TCP:Akamai NetSession Interface
"1805:TCP"= 1805:TCP:Akamai NetSession Interface
"1957:TCP"= 1957:TCP:Akamai NetSession Interface
"2282:TCP"= 2282:TCP:Akamai NetSession Interface
"2525:TCP"= 2525:TCP:Akamai NetSession Interface
"1243:TCP"= 1243:TCP:Akamai NetSession Interface
"1318:TCP"= 1318:TCP:Akamai NetSession Interface
"1347:TCP"= 1347:TCP:Akamai NetSession Interface
"1368:TCP"= 1368:TCP:Akamai NetSession Interface
"1395:TCP"= 1395:TCP:Akamai NetSession Interface
"1407:TCP"= 1407:TCP:Akamai NetSession Interface
"1468:TCP"= 1468:TCP:Akamai NetSession Interface
"1551:TCP"= 1551:TCP:Akamai NetSession Interface
"1737:TCP"= 1737:TCP:Akamai NetSession Interface
"1836:TCP"= 1836:TCP:Akamai NetSession Interface
"1899:TCP"= 1899:TCP:Akamai NetSession Interface
"1521:TCP"= 1521:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1366:TCP"= 1366:TCP:Akamai NetSession Interface
"1396:TCP"= 1396:TCP:Akamai NetSession Interface
"1772:TCP"= 1772:TCP:Akamai NetSession Interface
"1305:TCP"= 1305:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"2735:TCP"= 2735:TCP:Akamai NetSession Interface
"2324:TCP"= 2324:TCP:Akamai NetSession Interface
"1408:TCP"= 1408:TCP:Akamai NetSession Interface
"1751:TCP"= 1751:TCP:Akamai NetSession Interface
"2137:TCP"= 2137:TCP:Akamai NetSession Interface
"3885:TCP"= 3885:TCP:Akamai NetSession Interface
"2724:TCP"= 2724:TCP:Akamai NetSession Interface
"3180:TCP"= 3180:TCP:Akamai NetSession Interface
"4952:TCP"= 4952:TCP:Akamai NetSession Interface
"1106:TCP"= 1106:TCP:Akamai NetSession Interface
"3966:TCP"= 3966:TCP:Akamai NetSession Interface
"7025:TCP"= 7025:TCP:oeidwz

R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [1/13/2005 8:44 AM 20480]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/16/2009 12:56 AM 673920]
R2 acssrv;Quick Heal Client Security Service;c:\progra~1\QUICKH~2\QUICKH~2\acs.exe [12/16/2009 12:55 AM 1224704]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [12/16/2009 12:53 AM 65016]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [12/16/2009 12:53 AM 28656]
R2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~2\QUICKH~1\opssvc.exe [12/16/2009 12:53 AM 17272]
R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;c:\progra~1\QUICKH~2\QUICKH~1\EMLPROXY.EXE [12/16/2009 12:53 AM 50552]
R2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~2\QUICKH~1\quhlpsvc.exe [12/16/2009 12:53 AM 58744]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/16/2009 12:56 AM 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/16/2009 12:57 AM 234640]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [10/21/2008 2:30 PM 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [10/21/2008 2:30 PM 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [10/21/2008 2:30 PM 60416]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Rohit\Desktop\virus protection\super antispyware\SASDIFSV.SYS --> c:\documents and settings\Rohit\Desktop\virus protection\super antispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\All Users.WINDOWS\Desktop\SASKUTIL.sys --> c:\documents and settings\All Users.WINDOWS\Desktop\SASKUTIL.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/12/2005 4:56 AM 14336]
S2 eokztv;Boot System;c:\windows\system32\svchost.exe -k netsvcs [1/12/2005 4:56 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 4:08 PM 133104]
S2 gwgtie;Boot System;c:\windows\system32\svchost.exe -k netsvcs [1/12/2005 4:56 AM 14336]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\System32\drivers\ASUSHWIO.sys --> c:\windows\System32\drivers\ASUSHWIO.sys [?]
S3 kernelx86;Kernel Debug Service;\??\c:\windows\system32\drivers\kernelx86.sys --> c:\windows\system32\drivers\kernelx86.sys [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\All Users.WINDOWS\Desktop\SASENUM.SYS --> c:\documents and settings\All Users.WINDOWS\Desktop\SASENUM.SYS [?]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\drivers\GPLUS.sys [9/25/2005 3:49 PM 283392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gwgtie
eokztv
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {D906B516-D0B7-4A00-82E9-F82E69A966B2} = 202.54.10.2,203.197.12.42
FF - ProfilePath - c:\documents and settings\Rohit\Application Data\Mozilla\Firefox\Profiles\ctie2vkh.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 15:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eokztv]
"ServiceDll"="c:\windows\system32\kxbvcgv.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gwgtie]
"ServiceDll"="c:\windows\system32\kxbvcgv.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3509A1A3-B52A-B6F6-4F2F-526700056BCB}]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
@="Class"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3509A1A3-B52A-B6F6-4F2F-526700056BCB}\Data\MD]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"Data04"=dword:00003482
"Data05"=dword:00000000
"Data0C"=dword:00000708
"Data0E"=dword:00000258
"Data0F"=dword:00000384
"Data10"=dword:00000000
"Data11"=dword:00000000
"Data12"=dword:00000000
"Data13"=dword:00000014
"Data14"=dword:00000258
"Data15"=dword:00002a30
"Data16"=dword:00000258
"Data0D"=dword:00000708
"Data17"=dword:00000000
"Data18"=dword:00000000
"Data19"=dword:00000000
"Data1A"=dword:00000000
"Data21"=dword:00000000
"Data22"=dword:00000001
"Data23"=dword:00000005
"Data24"=dword:00000000
"Data27"=dword:00000004
"Data28"=dword:00000004
"Data29"=dword:00000004
"Data2A"=dword:00000004
"Data00"=dword:00000000
"Data01"=dword:00000000
"Data02"=dword:00003482
"Data09"=dword:00000000
"Data80"="($\14ÿ˜\1f\0fG ¢‡tñÝÄÁì\12\0eû."
"Data85"="XTD¯iN>åÞÆ²4Ü\02ýl\1e"
"Data86"="HD³ŸY>®ÛÈÅ(\1d\06ñdaSü¡‹="
"Data87"="8³£I®žÂ·.\1d\06ñgd@ü¡‹="
"Data82"="\08\04Ò`\1aþn–‚{îãÇ}\"\1e\0c½fR\0d?¦ž"
"Data83"="÷ÒdP\0an^–†öÅ» \"\07ùh]\0d=£¢MuáœÎ¶."
"Data84"="ÆdT@y^N†òÒÑ´6Ü\02ýl\1eVBlž†~"
"Data88"="§£“¹žŽÂ+\1e\16ú-RN<m¥ŠwìÙŒ¾&\1e"
"Data89"="—“ƒï©Ž~2\1b\0e\06k\1dB>«]•zçÜÉ|.\16\0e"
"Data8A"="‡ƒóß™~í&\0býv\1dM4²]•z°œÎ¶."
"Data8B"="wóãÏ‰íÝ\01\02sdB:lœƒ‚ÐÑ|.\16\0e"
"Data8C"="çãÓ¿øÝÍ\06rRQ4µ\\}ëÁ½+\1b\0dû-bC;™~â›Íµ-"
"Data8D"="×ÓÃ/èÍ½rW@1§¢L|ãâÁ&Û\0eõn"
"Data8E"="´\0aüíåM"
"Data8F"="·3#\0fÈ.\1eAB²£y¬ÜÃÂì!\0a»nVN"
"Data91"="\17\13\03o)\0eý¥‘Š}òÖŒ±-\1bÌóe\1cN6"
"Data92"="\07\03s_\19ým¥Š}õœÌ³2Ü\01ük[M<l•†{ñÌÇÀê\1d\05ü"
"Data1B"=dword:00000000
"Data1D"=dword:00000000
"Data25"=dword:00000000
"Data1C"=dword:00000000
"Data1E"=dword:00000000
"Data26"=dword:00000001
"Data2B"=dword:00000000
"Data2C"=dword:00000000
"Data2D"=dword:00000000
"Data2E"=dword:00000000
"Data20"=dword:000618fc
"Data0A"=dword:00003482
"Data0B"=dword:00000000
"Data90"="8\10\07ýn\10\0b:¦ˆ:â×Ñ±3!\11¹qSVGi”‰|ßÎÉ¶7\0e\11õl[\09"

[HKEY_LOCAL_MACHINE\software\Microsoft\jfkrs]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"{3509A1A3-B52A-B6F6-4F2F-526700056BCB}"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\pjaou]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\progra~1\QUICKH~2\QUICKH~1\scanwscs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Billion\ADSL USB Modem\CnxDslTb.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\progra~1\QUICKH~2\QUICKH~1\OnlineNT.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-22 15:42:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 10:12
ComboFix2.txt 2009-12-21 16:50
ComboFix3.txt 2009-12-20 14:37
ComboFix4.txt 2009-12-18 07:22
ComboFix5.txt 2009-12-22 09:47

Pre-Run: 53,765,338,112 bytes free
Post-Run: 53,752,155,136 bytes free

- - End Of File - - ED2C2740759D7317D92646C528082688

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 12/22/2009 1:27 PM (GMT +3)

It behave like there is a rootkit hiding.

Click http://www.gmer.net/download.php and download the installer for Gmer to your desktop, then click that file to run Gmer.

If on it's opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

v

Please read: Forum Rules

Click: Before-posting-a-log

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/22/2009 8:59 PM (GMT +3)

I tried hard but the virus is not letting me download it. [:(]

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/23/2009 7:52 AM (GMT +3)

After running avenger earlier my system appeared to stabilize some what and the blue screen saying physical dump of memory newer appeared. Also quick heal antivrus began updating but stopped half way in an abrupt manner. But since yesterday the blue screen has started recurring. Also quick heal antivirus detected a virus named msrpc02.exe. Other programmes have also started running slow. Anti virus is also not updating at all.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 12/23/2009 9:15 AM (GMT +3)

Click: http://ad13.geekstogo.com/Win32kDiag.exe

and download Win32kDiag.exe directly to your Desktop

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after:

cd\
win32kdiag -r -f

Once that completes press any key to finish the scan. Post the new Win32kDiag.txt log with your next reply (it should be located on the desktop).

If by chance you cannot run the command window steps ->

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Please read: Forum Rules

Click: Before-posting-a-log

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/23/2009 10:07 AM (GMT +3)

Running from: C:\Documents and Settings\Rohit\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Rohit\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\es.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\es.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\kb828741.cat

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\kb828741.cat

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\ole32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\ole32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\txflog.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\txflog.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\catsrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\catsrv.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\catsrvut.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\catsrvut.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\clbcatex.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\clbcatex.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\clbcatq.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\clbcatq.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\colbact.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\colbact.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\comadmin.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\comadmin.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\comrepl.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\comrepl.exe

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\comsvcs.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\comsvcs.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\comuid.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\comuid.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\es.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\es.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\migregdb.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\migregdb.exe

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\msdtcprx.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\msdtcprx.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\msdtctm.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\msdtctm.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\msdtcuiu.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\msdtcuiu.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\mtxclu.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\mtxclu.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\mtxoci.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\mtxoci.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\ole32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\ole32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\rpcrt4.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\rpcrt4.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\rpcss.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\rpcss.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741_RTM$\txflog.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741_RTM$\txflog.dll

Cannot access: C:\WINDOWS\$NtUninstallKB833987$\kb833987.cat

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB833987$\kb833987.cat

Cannot access: C:\WINDOWS\$NtUninstallKB833987_RTM$\sxs.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB833987_RTM$\sxs.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323.tsp

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\h323.tsp

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\kb835732.cat

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\kb835732.cat

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\browser.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\browser.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\callcont.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\callcont.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\cmdevtgprov.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\cmdevtgprov.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\evtgprov.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\evtgprov.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\gdi32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\gdi32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\h323.tsp

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\h323.tsp

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\h323msp.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\h323msp.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\helpctr.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\helpctr.exe

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\ipnathlp.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\ipnathlp.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\lsasrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\lsasrv.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\mf3216.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\mf3216.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\msasn1.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\msasn1.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\msgina.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\msgina.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\mst120.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\mst120.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\netapi32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\netapi32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\nmcom.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\nmcom.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\rtcdll.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\rtcdll.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732_RTM$\schannel.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732_RTM$\schannel.dll

Cannot access: C:\WINDOWS\$NtUninstallQ329048$\reg00001

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallQ329048$\reg00001

Cannot access: C:\WINDOWS\$NtUninstallQ329390$\reg00001

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallQ329390$\reg00001

Cannot access: C:\WINDOWS\$NtUninstallQ329834$\reg00001

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallQ329834$\reg00001

Cannot access: C:\WINDOWS\MBR.exe

Attempting to restore permissions of : C:\WINDOWS\MBR.exe

Cannot access: C:\WINDOWS\system32\drivers\ojimbaff.sys

Attempting to restore permissions of : C:\WINDOWS\system32\drivers\ojimbaff.sys

2009-12-23 10:18:48 40128 C:\WINDOWS\system32\drivers\ojimbaff.sys ()

Cannot access: C:\WINDOWS\system32\secupdat.dat

Attempting to restore permissions of : C:\WINDOWS\system32\secupdat.dat

2009-12-23 10:17:58 71168 C:\WINDOWS\system32\secupdat.dat ()

Finished!

rohitkhaitan
New Member

Date Joined Dec 2009
Total Posts : 13

Posted 12/23/2009 10:22 AM (GMT +3)

A new problem has also occured in my system. Internet suddenly disconnects and i cannot open the connect icon. I have to restart my pc to reconnect it to the internet. I am trying to share all possible information with u as i dont know what is relevant and what is not. So kindly excuse me if it sounds absurd. [:)]

Forum Information

Currently it is Friday, May 24, 2013 10:45 PM (GMT +3)
There are a total of 59,537 posts in 13,142 threads.
In the last 3 days there were 3 new threads and 16 reply posts. View Active Threads