klamersus

The alert of this trojan horse infection keeps appearing whenever i try to access my drives through "My Computer". Even though i click on move to vault, this problem persist repeatedly.

I have run AVG, scanned and remove to vault but problem persist.

I tried to access and del the filename: C:\WINDOWS\system32\winxp.exe but the file reappears each time click on C drive in "My Computer" too!

This process name is stated each time the threat is detected
Process name: C\WINDOWS\system32\wscript.exe

I would really appreciate if anyone out there can help me on this. Thanks a million.


========================================================




DDS (Ver_09-10-13.01) - NTFSx86
Run by Charles Kho at 1:19:25.96 on Wed 10/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2568 [GMT 8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Twain_32\SQ930 USB 2.0 Video Camera\SnapTrap.exe
C:\Program Files\SingTel\McciTrayApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\Salmosa\razerhid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
F:\Itunes\iTunesHelper.exe
C:\Program Files\Razer\Salmosa\razertra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Razer\Salmosa\razerofa.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\Wscript.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Charles Kho\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ALUAlert] c:\program files\symantec\liveupdate\ALuNotify.exe
mRun: [Motor_Tracking_Tool] c:\windows\twain_32\sq930 usb 2.0 video camera\MTTool.exe
mRun: [STICAP] c:\windows\twain_32\sq930 usb 2.0 video camera\SnapTrap.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [SingTel_McciTrayApp] c:\program files\singtel\McciTrayApp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Salmosa] c:\program files\razer\salmosa\razerhid.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRun: [iTunesHelper] "f:\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [regdiit] c:\windows\system32\winxp.exe
mRun: [CTFMON] c:\windows\system32\wscript.exe /e:vbs c:\windows\system32\winjpg.jpg
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.cn/download/SOPCORE.CAB
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: ZipExt32 - {35CEC8A3-2BE6-11D2-8773-92E220524140} -
SSODL: AceExt - {35CEC8A3-2BE6-11D2-8773-92E220524150} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
IFEO: MSConfig.exe - c:\windows\system32\wscript.exe /e:vbs c:\windows\system32\winjpg.jpg
IFEO: procexp.exe - \winxp.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\charle~1\applic~1\mozilla\firefox\profiles\qvwxr8ry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\charles kho\application data\mozilla\firefox\profiles\qvwxr8ry.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: f:\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-22 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-22 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-22 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-22 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-9-22 1370488]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-7-22 5641736]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-7-22 571912]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-9-22 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-7-22 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-7-22 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-7-22 27232]
R3 Salmosa03;Razer Salmosa USB Filter Driver;c:\windows\system32\drivers\Salmosa.sys [2008-12-10 9344]
R3 SQTECH930B;i-Spy PC Cam;c:\windows\system32\drivers\Capt930b.sys [2008-2-1 389760]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\drivers\zebrceb.sys [2008-11-8 63360]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 gupdate1c9e4523a5f16b2;Google Update Service (gupdate1c9e4523a5f16b2);c:\program files\google\update\GoogleUpdate.exe [2009-6-3 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-9-22 29208]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\charle~1\locals~1\temp\CLT10.tmp [2009-10-18 25360]
S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\system32\drivers\memstpci.sys [2008-11-8 26112]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\drivers\zebrbus.sys [2008-11-8 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\drivers\zebrmdfl.sys [2008-11-8 14848]
S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\drivers\zebrmdm.sys [2008-11-8 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\drivers\zebrmdmc.sys [2008-11-8 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\drivers\zebrsce.sys [2008-11-8 91264]
S4 Pdfraclr;Pdfraclr; [x]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-10-21 00:55 51,978 a--shr-- C:\winfile.jpg
2009-10-21 00:55 51,978 a--shr-- c:\windows\system32\winjpg.jpg
2009-10-20 23:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 23:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-20 23:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 06:48 <DIR> --d----- C:\Dev-Cpp
2009-10-16 19:22 110 a--shr-- C:\autorun.inf
2009-10-01 02:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-10-01 02:29 <DIR> --d----- c:\program files\TVUPlayer
2009-09-29 18:05 <DIR> --d----- c:\program files\iPod
2009-09-29 17:17 4,444 a------- c:\windows\system32\pid.PNF
2009-09-22 01:07 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-22 00:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-09-22 00:53 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-22 00:53 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-22 00:53 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-09-22 00:53 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-22 00:52 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-22 00:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-09-22 00:51 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-09-22 00:51 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-09-22 00:51 <DIR> --d----- c:\program files\AVG
2009-09-22 00:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-09-22 00:47 <DIR> --d----- c:\docume~1\charle~1\applic~1\AVG8
2009-09-21 13:44 <DIR> --d----- c:\docume~1\charle~1\applic~1\Uniblue

==================== Find3M ====================

2009-10-01 02:29 63,432 a---h--- c:\windows\system32\mlfcache.dat
2009-09-22 03:25 345 a------- C:\2ghtttfttjtytyr.exe
2009-09-22 03:25 345 a------- C:\ghjtyuutyr.exe
2009-09-22 03:25 345 a------- C:\ghjtytyr.exe
2009-09-21 14:51 345 a------- C:\yr.exe
2009-09-18 21:18 79,587 a------- c:\windows\War3Unin.dat
2009-08-05 17:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-08 13:21 16,384 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-08 13:21 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009070820090709\index.dat

============= FINISH: 1:19:35.23 ===============

Attached Files

	Attach.zip (2.6 KB, 0 views)
	ark.zip (634 Bytes, 1 views)

tetonbob

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

You have an autorun worm onboard. These are typically transmitted via USB flash drive, or other USB devices. Please ensure any USB key recently used is inserted in the machine when running ComboFix as instructed below.

1. Download ComboFix from one of these locations:
   
   Link 1
   Link 2
   
   * IMPORTANT !!! Place combofix.exe on your Desktop
   
2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   
   
   You can get help on disabling your protection programs here
   
3. Double click on combofix.exe & follow the prompts.
   
4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
   
   Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
   
   
   
   
   
   The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
   
   With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
   
   Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
   
   ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
   
   Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
   
   The Recovery Console was successfully installed.
   
   
   
   Click on Yes, to continue scanning for malware.
   
5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
6. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   ---------------------------------------------------------------------------------------------
   
7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   ---------------------------------------------------------------------------------------------

klamersus

Hi, the log is given below

=========================================================

ComboFix 09-10-22.01 - Charles Kho 10/24/2009 3:22.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2774 [GMT 8:00]
Running from: c:\documents and settings\Charles Kho\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2ghtttfttjtytyr.exe
C:\autorun.inf
C:\ghjtytyr.exe
C:\ghjtyuutyr.exe
C:\smp.bat
c:\windows\system32\404Fix.exe
c:\windows\system32\a
c:\windows\system32\a.txt
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\d
c:\windows\system32\dumphive.exe
c:\windows\system32\f
c:\windows\system32\g
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\msn.dll
c:\windows\system32\o1o2o3o4
c:\windows\system32\o4Patch.exe
c:\windows\system32\ournik
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\test
c:\windows\system32\tmp.reg
c:\windows\system32\u
c:\windows\system32\v1rg1n
c:\windows\system32\v1rgf
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\winxp.exe
c:\windows\system32\WS2Fix.exe
C:\yr.exe
D:\autorun.inf
E:\autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AvgLdx86
-------\Legacy_AvgRkx86
-------\Legacy_AvgTdiX
-------\Legacy_MagicTune
-------\Legacy_NCPro
-------\Service_AvgLdx86
-------\Service_AvgRkx86
-------\Service_AvgTdiX
-------\Service_MagicTune
-------\Service_MemStPCI
-------\Service_NCPro
-------\Service_NdisIP
-------\Service_Pdfraclr
-------\Service_RTLE8023xp
-------\Service_Salmosa03
-------\Service_SLIP
-------\Service_SQTECH930B
-------\Service_usb
-------\Service_USBAAPL
-------\Service_zebrbus
-------\Service_zebrceb
-------\Service_zebrmdfl
-------\Service_zebrmdm
-------\Service_zebrmdmc
-------\Service_zebrsce


((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-22 22:21 . 2009-10-22 22:45 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Dev-Cpp
2009-10-22 19:03 . 2009-10-22 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-22 18:59 . 2009-10-22 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-22 18:59 . 2009-10-22 18:59 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-22 16:31 . 2009-10-22 16:31 -------- d-----w- C:\$AVG8.VAULT$
2009-10-22 16:24 . 2009-10-22 16:24 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\AVG8
2009-10-22 16:21 . 2009-10-22 16:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-22 16:21 . 2009-10-22 16:21 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-22 16:21 . 2009-10-22 16:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-22 16:21 . 2009-10-22 16:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-22 16:21 . 2009-10-23 19:08 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-22 16:21 . 2009-10-22 16:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-22 16:12 . 2009-10-22 16:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-22 16:11 . 2009-10-22 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-22 04:20 . 2009-10-22 19:01 10240 ----a-w- c:\windows\system32\Tech Wonder.exe
2009-10-20 15:53 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 15:53 . 2009-10-20 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 15:53 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 22:48 . 2009-10-22 22:40 -------- d-----w- C:\Dev-Cpp
2009-09-30 18:29 . 2009-09-30 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-09-30 18:29 . 2009-09-30 18:29 -------- d-----w- c:\program files\TVUPlayer
2009-09-29 10:05 . 2009-09-29 10:05 -------- d-----w- c:\program files\iPod
2009-09-29 10:01 . 2009-09-29 10:01 -------- d-----w- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 16:21 . 2009-09-21 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-22 16:13 . 2007-12-02 09:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-22 04:36 . 2008-01-05 12:20 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\LimeWire
2009-10-21 14:22 . 2008-09-03 13:13 -------- d-----w- c:\program files\Garena
2009-10-20 15:18 . 2008-01-27 04:04 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\BitTorrent
2009-09-30 18:29 . 2007-12-08 20:21 63432 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-30 17:29 . 2008-05-31 13:52 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\mIRC
2009-09-30 17:28 . 2007-12-08 14:39 -------- d-----w- c:\program files\mIRC
2009-09-29 10:05 . 2007-12-29 02:58 -------- d-----w- c:\program files\Common Files\Apple
2009-09-29 09:59 . 2007-12-08 06:56 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Apple Computer
2009-09-29 09:12 . 2007-12-02 09:36 77160 ----a-w- c:\documents and settings\Charles Kho\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 03:56 . 2007-12-02 09:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 16:53 . 2009-09-21 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-21 16:53 . 2007-12-04 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-09-21 16:51 . 2009-09-21 16:51 -------- d-----w- c:\program files\AVG
2009-09-21 05:44 . 2009-09-21 05:44 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Uniblue
2009-09-18 13:18 . 2007-12-08 22:19 79587 ----a-w- c:\windows\War3Unin.dat
2009-09-14 16:11 . 2009-09-14 16:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-09-13 05:47 . 2009-09-13 05:47 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-13 05:45 . 2009-09-13 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 05:44 . 2009-09-13 05:44 -------- d-----w- c:\program files\QuickTime
2009-09-13 05:10 . 2008-10-15 22:53 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\ZoomBrowser EX
2009-09-13 05:09 . 2008-10-15 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-09-11 03:18 . 2008-03-23 17:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 02:15 . 2007-12-02 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-29 16:02 . 2009-08-29 16:02 -------- d-----w- c:\program files\SopCast
2009-08-05 09:01 . 2002-08-28 19:41 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"STICAP"="c:\windows\Twain_32\SQ930 USB 2.0 Video Camera\SnapTrap.exe" [2007-02-02 135168]
"SingTel_McciTrayApp"="c:\program files\SingTel\McciTrayApp.exe" [2008-06-27 1453568]
"Salmosa"="c:\program files\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-02 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Tech Wonders"="c:\windows\system32\Tech Wonder.exe" [2009-10-22 10240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-22 2025752]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-04 1626112]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2007-10-04 81920]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-11-28 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-22 16:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"f:\\Itunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/23/2009 12:21 AM 297752]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c9e4523a5f16b2;Google Update Service (gupdate1c9e4523a5f16b2);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 9:50 PM 133104]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp --> c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D6849BBC-56CC-A8E1-D991-4640F2ACAFC8}]
c:\windows\system32\Tech Wonder.exe
.
Contents of the 'Scheduled Tasks' folder

2009-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 13:50]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 13:50]

2009-10-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-28 14:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Charles Kho\Application Data\Mozilla\Firefox\Profiles\qvwxr8ry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Charles Kho\Application Data\Mozilla\Firefox\Profiles\qvwxr8ry.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: f:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe
HKLM-Run-Motor_Tracking_Tool - c:\windows\Twain_32\SQ930 USB 2.0 Video Camera\MTTool.exe
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
HKLM-Run-regdiit - c:\windows\system32\winxp.exe
SSODL-ZipExt32-{35CEC8A3-2BE6-11D2-8773-92E220524140} - (no file)
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 03:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Tech Wonders = c:\windows\system32\Tech Wonder.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3300)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\WgaTray.exe
c:\combofix\CF11691.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\Razer\Salmosa\razerofa.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 3:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 19:30

Pre-Run: 29,790,154,752 bytes free
Post-Run: 30,816,964,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - D01624B554B000E362DC861110DCF62B

tetonbob

Hi, please post new logs from DDS. Did you change your AntiVirus solution between initial post and now? First post shows AVG Internet Security + Firewall, ComboFix log indicates AVG AntiVirus only.

klamersus

yep. My free trial version of AVG internet security exipred so I'm left with the original antivirus part only. I got the Internet security to further enhance my protection after my comp was infested by the trojan.

There you go, the second DDS
=========================================================

DDS (Ver_09-10-13.01) - NTFSx86
Run by Charles Kho at 6:10:52.48 on Sat 10/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2707 [GMT 8:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Twain_32\SQ930 USB 2.0 Video Camera\SnapTrap.exe
C:\Program Files\SingTel\McciTrayApp.exe
C:\Program Files\Razer\Salmosa\razerhid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\Salmosa\razertra.exe
C:\Program Files\Razer\Salmosa\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Charles Kho\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [STICAP] c:\windows\twain_32\sq930 usb 2.0 video camera\SnapTrap.exe
mRun: [SingTel_McciTrayApp] c:\program files\singtel\McciTrayApp.exe
mRun: [Salmosa] c:\program files\razer\salmosa\razerhid.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Tech Wonders] c:\windows\system32\Tech Wonder.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.cn/download/SOPCORE.CAB
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\charle~1\applic~1\mozilla\firefox\profiles\qvwxr8ry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - plugin: c:\documents and settings\charles kho\application data\mozilla\firefox\profiles\qvwxr8ry.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: f:\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-24 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-24 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-24 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-24 298776]
R3 Salmosa03;Razer Salmosa USB Filter Driver;c:\windows\system32\drivers\Salmosa.sys [2008-12-10 9344]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 gupdate1c9e4523a5f16b2;Google Update Service (gupdate1c9e4523a5f16b2);c:\program files\google\update\GoogleUpdate.exe [2009-6-3 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-12-7 1684736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\charle~1\locals~1\temp\fhk26.tmp --> c:\docume~1\charle~1\locals~1\temp\FHK26.tmp [?]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-10-24 06:02 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-24 06:02 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-10-24 06:02 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-24 06:02 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-24 06:02 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-24 04:56 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-10-24 04:44 <DIR> --d----- c:\windows\system32\AGEIA
2009-10-24 04:44 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-24 04:44 <DIR> --d----- c:\windows\NV9081344.TMP
2009-10-24 04:34 <DIR> --d----- c:\docume~1\charle~1\applic~1\Blitware
2009-10-24 04:34 <DIR> --d----- c:\program files\Driver Robot
2009-10-24 03:20 <DIR> a-dshr-- C:\cmdcons
2009-10-24 03:19 236,544 a------- c:\windows\PEV.exe
2009-10-24 03:19 161,792 a------- c:\windows\SWREG.exe
2009-10-24 03:19 98,816 a------- c:\windows\sed.exe
2009-10-23 06:21 <DIR> --d----- c:\docume~1\charle~1\applic~1\Dev-Cpp
2009-10-23 02:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-10-23 02:59 <DIR> --d----- c:\program files\McAfee Security Scan
2009-10-23 00:24 <DIR> --d----- c:\docume~1\charle~1\applic~1\AVG8
2009-10-22 23:25 22,669 a------- c:\windows\system32\Tech Wonder
2009-10-22 12:20 10,240 a------- c:\windows\system32\Tech Wonder.exe
2009-10-21 00:55 51,978 a--shr-- C:\winfile.jpg
2009-10-21 00:55 51,978 a--shr-- c:\windows\system32\winjpg.jpg
2009-10-20 23:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 23:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-20 23:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 06:48 <DIR> --d----- C:\Dev-Cpp
2009-10-01 02:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-10-01 02:29 <DIR> --d----- c:\program files\TVUPlayer
2009-09-29 18:05 <DIR> --d----- c:\program files\iPod
2009-09-29 17:17 4,444 a------- c:\windows\system32\pid.PNF

==================== Find3M ====================

2009-10-06 18:54 5,922,816 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-10-06 16:34 18,750,976 a------- c:\windows\RTHDCPL.EXE
2009-10-01 02:29 63,432 a---h--- c:\windows\system32\mlfcache.dat
2009-09-29 18:38 352,256 a------- c:\windows\vncutil.exe
2009-09-21 16:47 41,472 a------- c:\windows\system32\RtkCoInstXP.dll
2009-09-18 21:18 79,587 a------- c:\windows\War3Unin.dat
2009-09-11 22:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-05 05:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 16:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-26 16:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-18 17:16 831,488 a------- c:\windows\RtlExUpd.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-05 17:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 23:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 22:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 14:31 2,170,880 a------- c:\windows\MicCal.exe
2009-07-08 13:21 16,384 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-08 13:21 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009070820090709\index.dat

============= FINISH: 6:10:58.95 ===============

Attached Files

Attach2.txt (11.7 KB, 2 views)

tetonbob

Ok, thanks.

Next steps........

As mentioned in our preposting topic:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help


P2P - I see you have P2P software ( BitTorrent, LimeWire 4.18.8 ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Outdated Java

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)


Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

These are all outdated, and security risks by having them installed still. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Java(TM) 6 Update 13 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

---------------------------------------------------------------------------------------------

Please perform this online scan to help look for remnants

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on Settings. Uncheck Mail databases.
• Next, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------------------------------------

How is the machine behaving?

klamersus

Hi below is the Kaspersky online scanner report

Inaddtion to the previous entry being frequently infected, AVG has also report these few entries affected as well.

C:\System Volume Information\_restore{121838B9F-9983-40F5-AC6D-D5AA06E681A1}\RP7\A0000423.exe

C:\System Volume Information\_restore{121838B9F-9983-40F5-AC6D-D5AA06E681A1}\RP10\A0000542.exe

C:\WINDOWS\system32\TechWonder.exe

Right now, i am able to access my main and partitioned drives.

===========================================================

Sunday, October 25, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 24, 2009 15:53:25
Records in database: 3060113
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics
Objects scanned 106985
Threats found 9
Infected objects found 34
Suspicious objects found 0
Scan duration 01:25:37

File name Threat Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Qoobox\Quarantine\C\autorun.inf.vir Infected: Worm.VBS.Autorun.gt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\a.vir Infected: Backdoor.IRC.Zapchast 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\d.vir Infected: Net-Worm.Win32.Randon.ar 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\f.vir Infected: Backdoor.IRC.Zapchast 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\g.vir Infected: Backdoor.IRC.Zapchast 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\o1o2o3o4.vir Infected: Backdoor.IRC.Zapchast 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\test.vir Infected: Backdoor.IRC.Zapchast 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\winxp.exe.vir Infected: Backdoor.Win32.Poison.pg 1
C:\Qoobox\Quarantine\D\autorun.inf.vir Infected: Worm.VBS.Autorun.gt 1
C:\Qoobox\Quarantine\E\autorun.inf.vir Infected: Worm.VBS.Autorun.gt 1
C:\Qoobox\Quarantine\F\autorun.inf.vir Infected: Worm.VBS.Autorun.gt 1
C:\WINDOWS\system32\c Infected: Backdoor.IRC.Sliv.d 1
C:\WINDOWS\system32\cl Infected: Backdoor.IRC.Zapchast 1
C:\WINDOWS\system32\scans Infected: Backdoor.IRC.Zapchast 1
C:\WINDOWS\system32\winjpg.jpg Infected: Worm.VBS.Autorun.el 1
C:\winfile.jpg Infected: Worm.VBS.Autorun.el 1
D:\winfile.jpg Infected: Worm.VBS.Autorun.el 1
E:\Australia[2008]DvDrip-aXXo\Australia[2008]DvDrip-aXXo.rar Infected: Net-Worm.Win32.Mytob.rg 10
E:\Australia[2008]DvDrip-aXXo\Australia[2008]DvDrip-aXXo.rar Infected: Trojan.Win32.VB.vse 4
E:\winfile.jpg Infected: Worm.VBS.Autorun.el 1
F:\winfile.jpg Infected: Worm.VBS.Autorun.el 1
Selected area has been scanned.

tetonbob

System Volume Information is where System Restore's cache is stored. Whatver is there cannot harm the machine unless a restore to that point is performed. We'll be clearing out old System Restore points and setting a new clean one when we are done.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   
2. Open notepad and copy/paste the text in the quotebox below into it:
   
   
   Code:

   http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/424030-help-trojan-horse-backdoor-generic9-mql.html#post2407753
   Folder::
   C:\WINDOWS\system32\c
   C:\WINDOWS\system32\cl
   C:\WINDOWS\system32\scans
   File::
   E:\Australia[2008]DvDrip-aXXo\Australia[2008]DvDrip-aXXo.rar
   Collect::
   c:\windows\system32\Tech Wonder.exe
   c:\windows\system32\Tech Wonder
   C:\WINDOWS\system32\c
   C:\WINDOWS\system32\cl
   C:\WINDOWS\system32\scans
   C:\WINDOWS\system32\winjpg.jpg
   C:\winfile.jpg
   D:\winfile.jpg
   E:\winfile.jpg
   F:\winfile.jpg
   Comment::
   End Copy Here

   Save this as CFScript.txt
   
   
   
   
   Referring to the picture above, drag CFScript.txt into ComboFix.exe
   
3. ComboFix may request an update; please allow it.
   
4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
5. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   **Note**
   
   When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
   • Ensure you are connected to the internet and click OK on the message box.
   
   Please let me know if the file was successfully submitted . Thanks.
   
   ------------------------------------------------------
   
6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   ---------------------------------------------------------------------------------------------
   

klamersus

Hi the file has been successfully submitted.

and here is the log generated

===========================================================

ComboFix 09-10-23.01 - Charles Kho 10/25/2009 2:51.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2734 [GMT 8:00]
Running from: c:\documents and settings\Charles Kho\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Charles Kho\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"e:\australia[2008]dvdrip-axxo\Australia[2008]DvDrip-aXXo.rar"

file zipped: c:\windows\system32\c
file zipped: c:\windows\system32\cl
file zipped: c:\windows\system32\scans
file zipped: c:\windows\system32\Tech Wonder
file zipped: c:\windows\system32\winjpg.jpg
file zipped: C:\winfile.jpg
file zipped: D:\winfile.jpg
file zipped: E:\winfile.jpg
file zipped: F:\winfile.jpg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\c
c:\windows\system32\cl
c:\windows\system32\scans
c:\windows\system32\Tech Wonder
c:\windows\system32\winjpg.jpg
C:\winfile.jpg
D:\winfile.jpg
E:\winfile.jpg
F:\winfile.jpg

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-23 22:36 . 2009-10-24 17:51 -------- d-----w- C:\$AVG8.VAULT$
2009-10-23 22:02 . 2009-10-24 01:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-23 22:02 . 2009-10-23 22:02 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-23 22:02 . 2009-10-23 22:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-23 22:02 . 2009-10-24 01:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-23 22:02 . 2009-10-24 01:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-23 22:02 . 2009-10-24 09:07 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-23 20:56 . 2009-07-08 04:05 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\windows\system32\AGEIA
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 20:44 . 2009-10-23 21:58 -------- d-----w- c:\windows\NV9081344.TMP
2009-10-23 20:34 . 2009-10-23 20:34 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Blitware
2009-10-23 20:34 . 2009-10-23 20:34 -------- d-----w- c:\program files\Driver Robot
2009-10-22 22:21 . 2009-10-22 22:45 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Dev-Cpp
2009-10-22 19:03 . 2009-10-22 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-22 18:59 . 2009-10-22 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-22 18:59 . 2009-10-22 18:59 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-22 16:24 . 2009-10-22 16:24 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\AVG8
2009-10-22 16:12 . 2009-10-22 16:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-22 16:11 . 2009-10-22 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-20 15:53 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 15:53 . 2009-10-20 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 15:53 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 22:48 . 2009-10-22 22:40 -------- d-----w- C:\Dev-Cpp
2009-09-30 18:29 . 2009-09-30 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-09-30 18:29 . 2009-09-30 18:29 -------- d-----w- c:\program files\TVUPlayer
2009-09-29 10:05 . 2009-09-29 10:05 -------- d-----w- c:\program files\iPod
2009-09-29 10:01 . 2009-09-29 10:01 -------- d-----w- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 08:06 . 2007-12-03 16:04 -------- d-----w- c:\program files\Java
2009-10-24 07:58 . 2008-01-27 04:04 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\BitTorrent
2009-10-23 22:01 . 2009-09-21 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-23 20:56 . 2007-12-02 09:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 20:56 . 2007-12-02 09:42 -------- d-----w- c:\program files\Realtek
2009-10-23 19:32 . 2007-12-02 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-22 16:13 . 2007-12-02 09:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-22 04:36 . 2008-01-05 12:20 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\LimeWire
2009-10-21 14:22 . 2008-09-03 13:13 -------- d-----w- c:\program files\Garena
2009-10-06 10:54 . 2007-12-02 09:42 5922816 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-10-06 08:34 . 2007-12-02 09:42 18750976 ----a-w- c:\windows\RTHDCPL.EXE
2009-09-30 18:29 . 2007-12-08 20:21 63432 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-30 17:29 . 2008-05-31 13:52 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\mIRC
2009-09-30 17:28 . 2007-12-08 14:39 -------- d-----w- c:\program files\mIRC
2009-09-29 10:38 . 2008-12-07 10:03 352256 ----a-w- c:\windows\vncutil.exe
2009-09-29 10:05 . 2007-12-29 02:58 -------- d-----w- c:\program files\Common Files\Apple
2009-09-29 09:59 . 2007-12-08 06:56 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Apple Computer
2009-09-29 09:12 . 2007-12-02 09:36 77160 ----a-w- c:\documents and settings\Charles Kho\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 16:53 . 2009-09-21 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-21 16:53 . 2007-12-04 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-09-21 16:51 . 2009-09-21 16:51 -------- d-----w- c:\program files\AVG
2009-09-21 08:47 . 2008-12-07 10:03 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-09-21 05:44 . 2009-09-21 05:44 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Uniblue
2009-09-18 13:18 . 2007-12-08 22:19 79587 ----a-w- c:\windows\War3Unin.dat
2009-09-14 16:11 . 2009-09-14 16:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-09-13 05:47 . 2009-09-13 05:47 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-13 05:45 . 2009-09-13 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 05:44 . 2009-09-13 05:44 -------- d-----w- c:\program files\QuickTime
2009-09-13 05:10 . 2008-10-15 22:53 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\ZoomBrowser EX
2009-09-13 05:09 . 2008-10-15 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-09-11 14:18 . 2002-08-28 19:41 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 03:18 . 2008-03-23 17:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2001-08-23 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 16:02 . 2009-08-29 16:02 -------- d-----w- c:\program files\SopCast
2009-08-29 08:08 . 2002-08-28 19:41 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2002-08-28 19:41 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 09:16 . 2007-12-02 09:42 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-08-17 15:33 . 2009-08-17 15:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2002-08-28 19:41 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-28 17:04 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 06:31 . 2007-12-02 09:42 2170880 ----a-w- c:\windows\MicCal.exe
2009-07-28 08:55 . 2007-12-02 09:40 143360 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-23_19.27.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-23 21:58 . 2009-10-23 21:58 16384 c:\windows\Temp\Perflib_Perfdata_480.dat
+ 2009-10-23 21:27 . 2008-08-19 05:26 77824 c:\windows\system32\ReinstallBackups\0026\DriverFiles\SOUNDMAN.EXE
+ 2009-10-23 21:27 . 2008-11-20 08:51 34816 c:\windows\system32\ReinstallBackups\0026\DriverFiles\RtkCoInstXP.dll
+ 2009-10-23 21:27 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\wdmaud.drv
+ 2009-10-23 21:27 . 2008-04-13 18:45 49408 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\stream.sys
+ 2009-10-23 21:27 . 2008-04-13 18:45 60160 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\drmk.sys
+ 2009-10-23 21:27 . 2008-06-19 08:20 57344 c:\windows\system32\ReinstallBackups\0026\DriverFiles\ALCMTR.EXE
+ 2009-10-23 20:44 . 2007-10-04 09:14 81920 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvwddi.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 81920 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvmctray.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 36864 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvcod.dll
+ 2008-12-10 01:45 . 2008-12-10 01:45 70936 c:\windows\system32\PhysXLoader.dll
+ 2008-12-04 01:28 . 2008-12-04 01:28 24344 c:\windows\system32\PhysXDevice.dll
+ 2001-08-23 04:00 . 2009-10-23 19:35 68360 c:\windows\system32\perfc009.dat
- 2001-08-23 04:00 . 2009-08-15 19:04 68360 c:\windows\system32\perfc009.dat
- 2007-06-28 16:43 . 2007-10-04 09:14 81920 c:\windows\system32\nvwddi.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 81920 c:\windows\system32\nvwddi.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 86016 c:\windows\system32\nvmctray.dll
- 2007-06-28 16:43 . 2007-10-04 09:14 45056 c:\windows\system32\nvmccsrs.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 45056 c:\windows\system32\nvmccsrs.dll
+ 2009-03-07 20:31 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-07 20:31 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2001-08-23 04:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-23 04:00 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2002-08-29 01:32 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
- 2002-08-29 01:32 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
- 2009-06-11 04:15 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-11 04:15 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2002-08-29 01:32 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys
+ 2008-01-05 08:29 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-01-05 08:29 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
- 2007-08-22 13:12 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-22 13:12 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-12-02 09:43 . 2008-04-13 18:45 60160 c:\windows\system32\dllcache\drmk.sys
+ 2008-10-07 01:13 . 2008-10-07 01:13 58648 c:\windows\system32\AgCPanelTraditionalChinese.dll
+ 2008-10-07 01:13 . 2008-10-07 01:13 58648 c:\windows\system32\AgCPanelSwedish.dll
+ 2008-10-07 01:13 . 2008-10-07 01:13 58648 c:\windows\system32\AgCPanelSpanish.dll
+ 2008-10-07 01:13 . 2008-10-07 01:13 58648 c:\windows\system32\AgCPanelSimplifiedChinese.dll
+ 2008-10-07 01:13 . 2008-10-07 01:13 58648 c:\windows\system32\AgCPanelPortugese.dll
+ 2008-10-07 01:13 . 2008-10-07 01:13 58648 c:\windows\system32\AgCPanelKorean.dll
+ 2008-10-07 01:13 . 2008-10-07 01:13 58648 c:\windows\system32\AgCPanelJapanese.dll
+ 2008-10-07 01:13 . 2008-10-07 01:13 58648 c:\windows\system32\AgCPanelGerman.dll
+ 2008-10-07 01:13 . 2008-10-07 01:13 58648 c:\windows\system32\AgCPanelFrench.dll
+ 2007-12-02 10:15 . 2009-10-23 19:32 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-12-02 10:15 . 2009-09-11 02:15 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-12-02 10:15 . 2009-09-11 02:15 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-12-02 10:15 . 2009-09-11 02:15 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-26 14:58 . 2006-10-26 14:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2009-10-23 19:33 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-10-23 19:33 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-10-23 19:33 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-10-23 19:37 . 2009-10-23 19:37 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-23 19:35 . 2009-10-23 19:35 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-23 20:04 . 2009-10-23 20:04 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2007-12-02 09:42 . 2009-03-02 03:14 57344 c:\windows\ALCMTR.EXE
- 2007-12-02 09:42 . 2008-06-19 08:20 57344 c:\windows\ALCMTR.EXE
+ 2009-10-23 19:34 . 2009-10-23 19:34 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-23 21:27 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\ksuser.dll
+ 2007-12-02 09:43 . 2008-04-14 00:11 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-08-15 19:04 . 2009-08-15 19:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-12-02 09:27 . 2009-04-01 15:02 604160 c:\windows\system32\wmspdmod.dll
- 2007-12-02 09:42 . 2008-03-26 10:50 131072 c:\windows\system32\RTCOM\RTLCPAPI.dll
+ 2007-12-02 09:42 . 2009-04-23 08:58 131072 c:\windows\system32\RTCOM\RTLCPAPI.dll
+ 2007-12-02 09:42 . 2009-05-19 02:42 270336 c:\windows\system32\RTCOM\RTCOMDLL.dll
+ 2009-10-23 21:27 . 2008-10-01 06:29 290816 c:\windows\system32\ReinstallBackups\0026\DriverFiles\vncutil.exe
+ 2009-10-23 21:27 . 2008-03-26 10:50 131072 c:\windows\system32\ReinstallBackups\0026\DriverFiles\RTLCPAPI.dll
+ 2009-10-23 21:27 . 2008-06-24 06:46 104992 c:\windows\system32\ReinstallBackups\0026\DriverFiles\RtkAudioService.exe
+ 2009-10-23 21:27 . 2008-06-10 06:39 266240 c:\windows\system32\ReinstallBackups\0026\DriverFiles\RTCOMDLL.dll
+ 2009-10-23 21:27 . 2008-04-13 19:19 146048 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\portcls.sys
+ 2009-10-23 21:27 . 2008-04-13 19:16 141056 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\ks.sys
+ 2009-10-23 20:56 . 2007-10-23 02:51 103296 c:\windows\system32\ReinstallBackups\0025\DriverFiles\Rtenicxp.sys
+ 2009-10-23 20:44 . 2007-10-04 09:14 155716 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvsvc32.exe
+ 2009-10-23 20:44 . 2007-10-04 09:14 286720 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvnt4cpl.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 188416 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvmccss.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 229376 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvmccs.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 364544 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvapi.dll
+ 2008-10-07 01:13 . 2008-10-07 01:13 197912 c:\windows\system32\physxcudart_20.dll
+ 2008-11-26 00:55 . 2008-11-26 00:55 288024 c:\windows\system32\PhysXCplUI.exe
+ 2008-11-25 00:38 . 2008-11-25 00:38 288024 c:\windows\system32\PhysXCompatCplUI.exe
- 2001-08-23 04:00 . 2009-08-15 19:04 435590 c:\windows\system32\perfh009.dat
+ 2001-08-23 04:00 . 2009-10-23 19:35 435590 c:\windows\system32\perfh009.dat
+ 2001-08-23 04:00 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
- 2001-08-23 04:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2007-12-02 09:51 . 2009-01-07 03:28 453152 c:\windows\system32\NVUNINST.EXE
+ 2007-12-02 09:53 . 2009-01-15 00:19 453152 c:\windows\system32\nvudisp.exe
+ 2007-06-28 16:43 . 2009-01-15 00:19 163908 c:\windows\system32\nvsvc32.exe
- 2007-06-28 16:43 . 2007-10-04 09:14 466944 c:\windows\system32\nvshell.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 466944 c:\windows\system32\nvshell.dll
- 2007-06-28 16:43 . 2007-10-04 09:14 188416 c:\windows\system32\nvmccss.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 188416 c:\windows\system32\nvmccss.dll
- 2007-06-28 16:43 . 2007-10-04 09:14 229376 c:\windows\system32\nvmccs.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 229376 c:\windows\system32\nvmccs.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 801312 c:\windows\system32\nvcplui.exe
+ 2007-06-28 16:43 . 2009-01-15 00:19 143360 c:\windows\system32\nvcolor.exe
+ 2007-06-28 16:43 . 2009-01-15 00:19 135168 c:\windows\system32\nvcodins.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 135168 c:\windows\system32\nvcod.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 449056 c:\windows\system32\nvappbar.exe
+ 2007-06-28 16:43 . 2009-01-15 00:19 663552 c:\windows\system32\nvapi.dll
- 2009-03-07 20:32 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2009-03-07 20:32 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 436768 c:\windows\system32\keystone.exe
+ 2009-10-24 08:06 . 2009-07-24 21:23 149280 c:\windows\system32\javaws.exe
+ 2009-10-24 08:06 . 2009-07-24 21:23 145184 c:\windows\system32\javaw.exe
+ 2009-10-24 08:06 . 2009-07-24 21:23 145184 c:\windows\system32\java.exe
- 2002-08-28 19:40 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2002-08-28 19:40 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2002-08-28 19:40 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2002-08-28 19:41 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
- 2002-08-28 19:41 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-03-16 02:58 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys
- 2004-03-16 02:58 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys
+ 2007-12-02 09:27 . 2009-04-01 15:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2007-08-22 13:12 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-08-21 01:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-08-21 01:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-03-16 02:58 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys
- 2009-03-07 20:34 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-07 20:34 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2008-01-05 08:29 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-01-05 08:29 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2002-08-29 02:13 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys
- 2009-06-11 04:15 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-11 04:15 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-08-22 13:12 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-22 13:12 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 06:09 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-07 20:32 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-07 20:32 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-11-27 16:43 . 2009-07-24 21:23 411368 c:\windows\system32\deploytk.dll
+ 2008-10-07 01:13 . 2008-10-07 01:13 116977 c:\windows\system32\AGEIA\AG1021\diag.bin
+ 2008-10-07 01:13 . 2008-10-07 01:13 214629 c:\windows\system32\AGEIA\AG1021\app.bin
+ 2008-10-07 01:13 . 2008-10-07 01:13 119473 c:\windows\system32\AGEIA\AG1011\diag.bin
+ 2008-10-07 01:13 . 2008-10-07 01:13 199885 c:\windows\system32\AGEIA\AG1011\app.bin
+ 2008-12-07 10:03 . 2009-03-17 06:07 122880 c:\windows\RtkAudioService.exe
+ 2009-08-07 15:51 . 2009-08-07 15:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2007-12-02 10:15 . 2009-09-11 02:15 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-12-02 10:15 . 2009-09-11 02:15 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-12-02 10:15 . 2009-09-11 02:15 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-12-02 10:15 . 2009-09-11 02:15 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-12-02 10:15 . 2009-09-11 02:15 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-12-02 10:15 . 2009-09-11 02:15 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2007-12-02 10:15 . 2009-09-11 02:15 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-10-23 19:33 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-10-23 19:33 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-10-23 19:33 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-10-23 19:33 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-10-23 19:33 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-10-23 19:33 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-10-23 19:33 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-10-23 19:33 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-10-23 19:33 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-10-23 20:04 . 2009-10-23 20:04 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-23 19:37 . 2009-10-23 19:37 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-23 19:37 . 2009-10-23 19:37 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-23 19:37 . 2009-10-23 19:37 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-23 21:06 . 2009-10-23 21:06 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-23 20:04 . 2009-10-23 20:04 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-23 19:36 . 2009-10-23 19:36 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-23 20:04 . 2009-10-23 20:04 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-23 20:04 . 2009-10-23 20:04 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-16 09:18 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
- 2002-08-28 19:41 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2002-08-28 19:41 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
+ 2009-10-23 21:27 . 2007-11-20 10:15 1826816 c:\windows\system32\ReinstallBackups\0026\DriverFiles\SkyTel.exe
+ 2009-10-23 21:27 . 2008-09-19 09:48 1200128 c:\windows\system32\ReinstallBackups\0026\DriverFiles\RtlUpd.exe
+ 2009-10-23 21:27 . 2008-06-19 08:27 9715200 c:\windows\system32\ReinstallBackups\0026\DriverFiles\RTLCPL.EXE
+ 2009-10-23 21:27 . 2008-11-25 08:37 4952576 c:\windows\system32\ReinstallBackups\0026\DriverFiles\RtkHDAud.sys
+ 2009-10-23 21:27 . 2006-01-04 07:41 1389056 c:\windows\system32\ReinstallBackups\0026\DriverFiles\Monfilt.sys
+ 2009-10-23 21:27 . 2008-09-30 08:38 2168320 c:\windows\system32\ReinstallBackups\0026\DriverFiles\MicCal.exe
+ 2009-10-23 21:27 . 2008-08-05 12:10 1684736 c:\windows\system32\ReinstallBackups\0026\DriverFiles\Ambfilt.sys
+ 2009-10-23 21:27 . 2008-06-19 08:42 2808832 c:\windows\system32\ReinstallBackups\0026\DriverFiles\ALCWZRD.EXE
+ 2009-10-23 20:44 . 2007-10-04 09:14 2371584 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvwss.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 3551232 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvvitvs.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 6750208 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvoglnt.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 1150976 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvmobls.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 3334144 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvgames.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 6344704 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvdisps.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 8491008 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvcpl.dll
+ 2009-10-23 20:44 . 2007-10-04 09:14 6854464 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nv4_mini.sys
+ 2009-10-23 20:44 . 2007-10-04 09:14 5783424 c:\windows\system32\ReinstallBackups\0022\DriverFiles\nv4_disp.dll
+ 2002-08-28 19:41 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2002-08-28 19:41 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 1657376 c:\windows\system32\nwiz.exe
+ 2007-06-28 16:43 . 2009-01-15 00:19 2744320 c:\windows\system32\nvwss.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 1101824 c:\windows\system32\nvwimg.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 1724416 c:\windows\system32\nvwdmcpl.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 3796992 c:\windows\system32\nvvitvs.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 9412608 c:\windows\system32\nvoglnt.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 1286144 c:\windows\system32\nvmobls.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 1507328 c:\windows\system32\nview.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 3489792 c:\windows\system32\nvgames.dll
+ 2007-06-28 16:43 . 2009-01-15 00:19 1346080 c:\windows\system32\nvdspsch.exe
+ 2007-06-28 16:43 . 2009-01-15 00:19 4710400 c:\windows\system32\nvdisps.dll
+ 2009-01-15 00:19 . 2009-01-15 00:19 1560576 c:\windows\system32\nvcuda.dll
+ 2007-12-02 09:27 . 2009-01-15 00:19 6168960 c:\windows\system32\nv4_disp.dll
+ 2002-08-28 19:41 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll
- 2009-03-07 20:32 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2009-03-07 20:32 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2007-12-02 09:27 . 2009-01-15 00:19 6301248 c:\windows\system32\drivers\nv4_mini.sys
+ 2007-08-22 13:12 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
- 2007-08-22 13:12 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2007-12-02 09:27 . 2009-01-15 00:19 6301248 c:\windows\system32\dllcache\nv4_mini.sys
+ 2009-04-16 16:24 . 2009-08-04 12:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-16 16:24 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-16 16:24 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 11:02 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-07 11:02 . 2009-02-07 11:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-16 16:24 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-16 16:24 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-08-22 13:12 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll
- 2008-01-05 08:29 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2008-01-05 08:29 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2007-12-02 09:42 . 2009-06-22 09:39 1482752 c:\windows\RtlUpd.exe
+ 2009-08-07 15:51 . 2009-08-07 15:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-07 15:51 . 2009-08-07 15:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-11-24 20:59 . 2008-11-24 20:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-10-23 20:45 . 2009-10-23 20:45 1499648 c:\windows\Installer\f1cfc.msi
+ 2009-08-04 23:49 . 2009-08-04 23:49 3457024 c:\windows\Installer\42ff2.msp
+ 2009-07-26 20:31 . 2009-07-26 20:31 3738624 c:\windows\Installer\42fd7.msp
+ 2009-09-18 01:30 . 2009-09-18 01:30 5016576 c:\windows\Installer\42fbe.msp
+ 2009-08-18 05:08 . 2009-08-18 05:08 1373696 c:\windows\Installer\42fa5.msp
- 2007-12-02 10:15 . 2009-09-11 02:15 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-12-02 10:15 . 2009-09-11 02:15 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-12-02 10:15 . 2009-10-23 19:32 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-08-23 23:10 . 2007-08-23 23:10 3735424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWER.DLL
+ 2007-08-22 17:03 . 2007-08-22 17:03 1195888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2009-10-23 19:33 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
+ 2009-10-23 19:33 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
+ 2009-10-23 19:33 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
+ 2009-04-16 16:24 . 2009-08-04 12:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-16 16:24 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-16 16:24 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 11:02 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-07 11:02 . 2009-02-07 11:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-16 16:24 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-16 16:24 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-23 19:35 . 2009-10-23 19:35 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-23 19:37 . 2009-10-23 19:37 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-23 19:37 . 2009-10-23 19:37 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-23 21:06 . 2009-10-23 21:06 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-23 20:06 . 2009-10-23 20:06 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-23 19:34 . 2009-10-23 19:34 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-08-15 19:04 . 2009-08-15 19:04 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-23 21:27 . 2008-11-17 08:08 17676288 c:\windows\system32\ReinstallBackups\0026\DriverFiles\RTHDCPL.EXE
+ 2007-06-28 16:43 . 2009-01-15 00:19 13680640 c:\windows\system32\nvcpl.dll
+ 2007-12-03 03:15 . 2009-10-02 18:01 25198016 c:\windows\system32\MRT.exe
+ 2009-03-07 20:39 . 2009-08-29 08:08 11069440 c:\windows\system32\ieframe.dll
+ 2008-01-05 08:29 . 2009-08-29 08:08 11069440 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-14 12:32 . 2009-08-14 12:32 11110912 c:\windows\Installer\42ffe.msp
+ 2009-08-18 04:50 . 2009-08-18 04:50 12022272 c:\windows\Installer\42f8c.msp
+ 2009-10-23 19:33 . 2009-07-19 10:48 11067392 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
+ 2009-10-23 19:37 . 2009-10-23 19:37 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-23 20:05 . 2009-10-23 20:05 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-23 20:04 . 2009-10-23 20:04 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-23 19:36 . 2009-10-23 19:36 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-23 19:35 . 2009-10-23 19:35 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"STICAP"="c:\windows\Twain_32\SQ930 USB 2.0 Video Camera\SnapTrap.exe" [2007-02-02 135168]
"SingTel_McciTrayApp"="c:\program files\SingTel\McciTrayApp.exe" [2008-06-27 1453568]
"Salmosa"="c:\program files\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-02 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-24 2025752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-10-06 18750976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-11-28 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-24 01:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"f:\\Itunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/24/2009 6:02 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/24/2009 6:02 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/24/2009 6:02 AM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/24/2009 6:01 AM 297752]
R3 Salmosa03;Razer Salmosa USB Filter Driver;c:\windows\system32\drivers\Salmosa.sys [12/10/2008 7:03 PM 9344]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c9e4523a5f16b2;Google Update Service (gupdate1c9e4523a5f16b2);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 9:50 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/7/2008 6:03 PM 1684736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp --> c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVG8WD
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGRKX86
*NewlyCreated* - AVGTDIX
*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D6849BBC-56CC-A8E1-D991-4640F2ACAFC8}]
c:\windows\system32\Tech Wonder.exe
.
Contents of the 'Scheduled Tasks' folder

2009-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2009-10-23 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-10-23 09:51]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 13:50]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 13:50]

2009-10-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-28 14:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Charles Kho\Application Data\Mozilla\Firefox\Profiles\qvwxr8ry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Charles Kho\Application Data\Mozilla\Firefox\Profiles\qvwxr8ry.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: f:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Tech Wonders - c:\windows\system32\Tech Wonder.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 02:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Tech Wonders = c:\windows\system32\Tech Wonder.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp"
.
Completion time: 2009-10-24 2:57
ComboFix-quarantined-files.txt 2009-10-24 18:57
ComboFix2.txt 2009-10-23 19:31

Pre-Run: 28,435,394,560 bytes free
Post-Run: 28,458,696,704 bytes free

- - End Of File - - A40124E2F9F027A40282EB859E778BD4
Upload was successful

tetonbob

Good job...next steps...

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Also change passwords to instant messaging programs, etc..

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

======================

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   
2. Open notepad and copy/paste the text in the quotebox below into it:
   
   
   Quote:

   Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D6849BBC-56CC-A8E1-D991-4640F2ACAFC8}]

   Save this as CFScript.txt
   
   
   
   
   Referring to the picture above, drag CFScript.txt into ComboFix.exe
   
3. ComboFix may request an update; please allow it.
   
4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
5. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   ---------------------------------------------------------------------------------------------
   
6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   
   ---------------------------------------------------------------------------------------------

---------------------------------------------------------------------------------------------

I see you have Malwarebytes' AntiMalware installed.

Please update it's definitions, and run a new Quick Scan.

• Launch Malwarebytes' Antimalware
• On the updates tab, click on Check for Updates
• If an update is found, it will begin. Once the update is complete..
• Click on the Scanner tab. Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

klamersus

This is the ComboFix log

===========================================================


ComboFix 09-10-24.01 - Charles Kho 10/25/2009 13:24.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2720 [GMT 8:00]
Running from: c:\documents and settings\Charles Kho\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Charles Kho\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-23 22:36 . 2009-10-24 17:51 -------- d-----w- C:\$AVG8.VAULT$
2009-10-23 22:02 . 2009-10-24 01:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-23 22:02 . 2009-10-23 22:02 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-23 22:02 . 2009-10-23 22:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-23 22:02 . 2009-10-24 01:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-23 22:02 . 2009-10-24 01:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-23 22:02 . 2009-10-25 04:59 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-23 20:56 . 2009-07-08 04:05 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\windows\system32\AGEIA
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 20:44 . 2009-10-23 21:58 -------- d-----w- c:\windows\NV9081344.TMP
2009-10-23 20:34 . 2009-10-23 20:34 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Blitware
2009-10-23 20:34 . 2009-10-23 20:34 -------- d-----w- c:\program files\Driver Robot
2009-10-22 22:21 . 2009-10-22 22:45 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Dev-Cpp
2009-10-22 19:03 . 2009-10-22 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-22 18:59 . 2009-10-22 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-22 18:59 . 2009-10-22 18:59 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-22 16:24 . 2009-10-22 16:24 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\AVG8
2009-10-22 16:12 . 2009-10-22 16:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-22 16:11 . 2009-10-22 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-20 15:53 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 15:53 . 2009-10-20 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 15:53 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 22:48 . 2009-10-22 22:40 -------- d-----w- C:\Dev-Cpp
2009-09-30 18:29 . 2009-09-30 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-09-30 18:29 . 2009-09-30 18:29 -------- d-----w- c:\program files\TVUPlayer
2009-09-29 10:05 . 2009-09-29 10:05 -------- d-----w- c:\program files\iPod
2009-09-29 10:01 . 2009-09-29 10:01 -------- d-----w- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 08:06 . 2007-12-03 16:04 -------- d-----w- c:\program files\Java
2009-10-24 07:58 . 2008-01-27 04:04 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\BitTorrent
2009-10-23 22:01 . 2009-09-21 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-23 20:56 . 2007-12-02 09:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 20:56 . 2007-12-02 09:42 -------- d-----w- c:\program files\Realtek
2009-10-23 19:32 . 2007-12-02 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-22 16:13 . 2007-12-02 09:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-22 04:36 . 2008-01-05 12:20 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\LimeWire
2009-10-21 14:22 . 2008-09-03 13:13 -------- d-----w- c:\program files\Garena
2009-10-06 10:54 . 2007-12-02 09:42 5922816 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-10-06 08:34 . 2007-12-02 09:42 18750976 ----a-w- c:\windows\RTHDCPL.EXE
2009-09-30 18:29 . 2007-12-08 20:21 63432 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-30 17:29 . 2008-05-31 13:52 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\mIRC
2009-09-30 17:28 . 2007-12-08 14:39 -------- d-----w- c:\program files\mIRC
2009-09-29 10:38 . 2008-12-07 10:03 352256 ----a-w- c:\windows\vncutil.exe
2009-09-29 10:05 . 2007-12-29 02:58 -------- d-----w- c:\program files\Common Files\Apple
2009-09-29 09:59 . 2007-12-08 06:56 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Apple Computer
2009-09-29 09:12 . 2007-12-02 09:36 77160 ----a-w- c:\documents and settings\Charles Kho\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 16:53 . 2009-09-21 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-21 16:53 . 2007-12-04 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-09-21 16:51 . 2009-09-21 16:51 -------- d-----w- c:\program files\AVG
2009-09-21 08:47 . 2008-12-07 10:03 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-09-21 05:44 . 2009-09-21 05:44 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Uniblue
2009-09-18 13:18 . 2007-12-08 22:19 79587 ----a-w- c:\windows\War3Unin.dat
2009-09-14 16:11 . 2009-09-14 16:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-09-13 05:47 . 2009-09-13 05:47 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-13 05:45 . 2009-09-13 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 05:44 . 2009-09-13 05:44 -------- d-----w- c:\program files\QuickTime
2009-09-13 05:10 . 2008-10-15 22:53 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\ZoomBrowser EX
2009-09-13 05:09 . 2008-10-15 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-09-11 14:18 . 2002-08-28 19:41 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 03:18 . 2008-03-23 17:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2001-08-23 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 16:02 . 2009-08-29 16:02 -------- d-----w- c:\program files\SopCast
2009-08-29 08:08 . 2002-08-28 19:41 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2002-08-28 19:41 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 09:16 . 2007-12-02 09:42 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-08-17 15:33 . 2009-08-17 15:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2002-08-28 19:41 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-28 17:04 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 06:31 . 2007-12-02 09:42 2170880 ----a-w- c:\windows\MicCal.exe
2009-07-28 08:55 . 2007-12-02 09:40 143360 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-10-24_18.55.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-25 05:18 . 2009-10-25 05:18 16384 c:\windows\Temp\Perflib_Perfdata_850.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"STICAP"="c:\windows\Twain_32\SQ930 USB 2.0 Video Camera\SnapTrap.exe" [2007-02-02 135168]
"SingTel_McciTrayApp"="c:\program files\SingTel\McciTrayApp.exe" [2008-06-27 1453568]
"Salmosa"="c:\program files\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-02 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-24 2025752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-10-06 18750976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-11-28 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-24 01:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"f:\\Itunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/24/2009 6:02 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/24/2009 6:02 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/24/2009 6:02 AM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/24/2009 6:01 AM 297752]
R3 Salmosa03;Razer Salmosa USB Filter Driver;c:\windows\system32\drivers\Salmosa.sys [12/10/2008 7:03 PM 9344]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c9e4523a5f16b2;Google Update Service (gupdate1c9e4523a5f16b2);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 9:50 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/7/2008 6:03 PM 1684736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp --> c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2009-10-24 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-10-23 09:51]

2009-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 13:50]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 13:50]

2009-10-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-28 14:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Charles Kho\Application Data\Mozilla\Firefox\Profiles\qvwxr8ry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Charles Kho\Application Data\Mozilla\Firefox\Profiles\qvwxr8ry.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: f:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 13:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-25 13:29
ComboFix-quarantined-files.txt 2009-10-25 05:29
ComboFix2.txt 2009-10-24 18:57
ComboFix3.txt 2009-10-23 19:31

Pre-Run: 28,469,317,632 bytes free
Post-Run: 28,420,055,040 bytes free

- - End Of File - - 27BD6538A954C28B890455A8E5548969

klamersus

This is the Malwarebytes Anti-Malware Log

=========================================================

Malwarebytes' Anti-Malware 1.41
Database version: 2998
Windows 5.1.2600 Service Pack 3

10/25/2009 4:21:33 PM
mbam-log-2009-10-25 (16-21-33).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 206316
Time elapsed: 40 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\winxp.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12183B9F-9983-40F5-AC6D-D5A406E681A1}\RP11\A0000695.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12183B9F-9983-40F5-AC6D-D5A406E681A1}\RP12\A0000842.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12183B9F-9983-40F5-AC6D-D5A406E681A1}\RP23\A0002315.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

tetonbob

The other items Kaspersky found are in ComboFix quarantine, and will be addressed by uninstalling ComboFix as instructed below.

Other than that....We should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean.You should be good to go. We still have a few items to address.


Disconnect from the internet and disable your AntiVirus temporarily.

Go to -> Run -> copy/paste in the following single line command & click OK

ComboFix /Uninstall

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

• Microsoft Windows Update - http://www.windowsupdate.com
  Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  
  
• Winpatrol
  
  Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.
  
  You can get a free copy of Winpatrol or use the Plus version for more features.
  
  You can read Winpatrol's FAQ if you run into problems.
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  
  Do not install more than one AntiVirus program because they will conflict with each other.
  
  
• Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer
  
  
• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• How did I get infected in the first place?
• PC Safety and Security--What Do I Need?

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

klamersus

A new threat just pop out a couple of times when i plug my harddisk in.

Threat name: Trojan horse injector.GE
It seems to be coming from my harddisk when i plug it in
File name: H:\System Volume Information\_restore{...........}.exe

But the process name is directed to
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

tetonbob

H is an external drive?

Reset System Restore on all drives manually. Ensure that drive is active.

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------

klamersus

I ran Malwarebyte's scan on my harddisk and nothing surfaced.

Ya, it happened after i plug my harddisk into my comp, will it pass the infection into my comp again?

But when i ran kaspersky online scan, 3 infection was detected. Below is the log, are you able to help me remove these too?

=========================================================

KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, October 26, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 25, 2009 18:52:47
Records in database: 3072101
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
H:\

Scan statistics:
Objects scanned: 26233
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 00:25:46


File name / Threat / Threats count
H:\autorun.inf Infected: Worm.VBS.Autorun.gt 1
H:\Softwares\mirc61.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.61 1
H:\winfile.jpg Infected: Worm.VBS.Autorun.el 1

Selected area has been scanned.

tetonbob

ok, back when I first posted...

Quite possibly.

Had your H drive been active, we'd likely have this resolved by now.

Download a fresh copy of ComboFix, disable your protection applications, make active ALL USB devices you use with this machine, and run ComboFix. Post the log produced.(re-enable protections)

klamersus

Hi very sorry for the trouble. I plug 2 of my external harddisk that most likely will have problem

===========================================================


ComboFix 09-10-27.04 - Charles Kho 10/28/2009 10:51.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2787 [GMT 8:00]
Running from: c:\documents and settings\Charles Kho\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\autorun.inf
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-25 16:25 . 2009-10-25 16:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-25 16:25 . 2009-10-25 16:27 -------- d-----w- c:\program files\SpywareBlaster
2009-10-25 16:17 . 2009-10-25 16:17 -------- d-----w- c:\documents and settings\Charles Kho\Local Settings\Application Data\Scansoft
2009-10-25 10:37 . 2009-10-25 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-25 10:34 . 2009-10-25 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-10-25 10:34 . 2009-10-25 10:34 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\ScanSoft
2009-10-25 10:34 . 2009-10-25 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-10-25 10:34 . 2009-10-25 10:34 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-10-25 10:33 . 2009-10-25 10:33 -------- d-----w- c:\program files\ScanSoft
2009-10-23 22:36 . 2009-10-25 16:37 -------- d-----w- C:\$AVG8.VAULT$
2009-10-23 22:02 . 2009-10-24 01:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-23 22:02 . 2009-10-23 22:02 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-23 22:02 . 2009-10-23 22:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-23 22:02 . 2009-10-24 01:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-23 22:02 . 2009-10-24 01:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-23 22:02 . 2009-10-28 00:33 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-23 20:56 . 2009-07-08 04:05 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\windows\system32\AGEIA
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 20:44 . 2009-10-23 21:58 -------- d-----w- c:\windows\NV9081344.TMP
2009-10-23 20:34 . 2009-10-23 20:34 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Blitware
2009-10-23 20:34 . 2009-10-23 20:34 -------- d-----w- c:\program files\Driver Robot
2009-10-22 22:21 . 2009-10-22 22:45 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Dev-Cpp
2009-10-22 19:03 . 2009-10-22 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-22 18:59 . 2009-10-22 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-22 16:24 . 2009-10-22 16:24 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\AVG8
2009-10-22 16:12 . 2009-10-22 16:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-22 16:11 . 2009-10-22 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-20 15:53 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 15:53 . 2009-10-20 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 15:53 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 22:48 . 2009-10-22 22:40 -------- d-----w- C:\Dev-Cpp
2009-09-30 18:29 . 2009-09-30 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-09-30 18:29 . 2009-09-30 18:29 -------- d-----w- c:\program files\TVUPlayer
2009-09-29 10:05 . 2009-09-29 10:05 -------- d-----w- c:\program files\iPod
2009-09-29 10:01 . 2009-09-29 10:01 -------- d-----w- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 19:09 . 2007-12-02 09:36 77160 ----a-w- c:\documents and settings\Charles Kho\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 19:08 . 2008-01-27 04:04 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\BitTorrent
2009-10-27 08:35 . 2007-12-02 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 08:34 . 2007-12-02 10:14 -------- d-----w- c:\program files\Microsoft Works
2009-10-25 10:37 . 2008-10-15 17:35 -------- d-----w- c:\program files\Canon
2009-10-25 10:34 . 2007-12-02 09:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-24 08:06 . 2007-12-03 16:04 -------- d-----w- c:\program files\Java
2009-10-23 22:01 . 2009-09-21 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-23 20:56 . 2007-12-02 09:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 20:56 . 2007-12-02 09:42 -------- d-----w- c:\program files\Realtek
2009-10-22 16:13 . 2007-12-02 09:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-22 04:36 . 2008-01-05 12:20 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\LimeWire
2009-10-21 14:22 . 2008-09-03 13:13 -------- d-----w- c:\program files\Garena
2009-10-06 10:54 . 2007-12-02 09:42 5922816 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-10-06 08:34 . 2007-12-02 09:42 18750976 ----a-w- c:\windows\RTHDCPL.EXE
2009-09-30 18:29 . 2007-12-08 20:21 63432 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-30 17:29 . 2008-05-31 13:52 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\mIRC
2009-09-30 17:28 . 2007-12-08 14:39 -------- d-----w- c:\program files\mIRC
2009-09-29 10:38 . 2008-12-07 10:03 352256 ----a-w- c:\windows\vncutil.exe
2009-09-29 10:05 . 2007-12-29 02:58 -------- d-----w- c:\program files\Common Files\Apple
2009-09-29 09:59 . 2007-12-08 06:56 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Apple Computer
2009-09-21 16:53 . 2009-09-21 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-21 16:53 . 2007-12-04 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-09-21 16:51 . 2009-09-21 16:51 -------- d-----w- c:\program files\AVG
2009-09-21 08:47 . 2008-12-07 10:03 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-09-21 05:44 . 2009-09-21 05:44 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\Uniblue
2009-09-18 13:18 . 2007-12-08 22:19 79587 ----a-w- c:\windows\War3Unin.dat
2009-09-14 16:11 . 2009-09-14 16:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-09-13 05:47 . 2009-09-13 05:47 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-13 05:45 . 2009-09-13 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 05:44 . 2009-09-13 05:44 -------- d-----w- c:\program files\QuickTime
2009-09-13 05:10 . 2008-10-15 22:53 -------- d-----w- c:\documents and settings\Charles Kho\Application Data\ZoomBrowser EX
2009-09-13 05:09 . 2008-10-15 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-09-11 14:18 . 2002-08-28 19:41 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 03:18 . 2008-03-23 17:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2001-08-23 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2002-08-28 19:41 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2002-08-28 19:41 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 09:16 . 2007-12-02 09:42 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-08-17 15:33 . 2009-08-17 15:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2002-08-28 19:41 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-28 17:04 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 06:31 . 2007-12-02 09:42 2170880 ----a-w- c:\windows\MicCal.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"STICAP"="c:\windows\Twain_32\SQ930 USB 2.0 Video Camera\SnapTrap.exe" [2007-02-02 135168]
"SingTel_McciTrayApp"="c:\program files\SingTel\McciTrayApp.exe" [2008-06-27 1453568]
"Salmosa"="c:\program files\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-02 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-24 2025752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-10-06 18750976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-11-28 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-24 01:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"f:\\Itunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/24/2009 6:02 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/24/2009 6:02 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/24/2009 6:02 AM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/24/2009 6:01 AM 297752]
R3 Salmosa03;Razer Salmosa USB Filter Driver;c:\windows\system32\drivers\Salmosa.sys [12/10/2008 7:03 PM 9344]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c9e4523a5f16b2;Google Update Service (gupdate1c9e4523a5f16b2);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 9:50 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/7/2008 6:03 PM 1684736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp --> c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2009-10-24 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-10-23 09:51]

2009-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 13:50]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 13:50]

2009-10-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-28 14:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Charles Kho\Application Data\Mozilla\Firefox\Profiles\qvwxr8ry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Charles Kho\Application Data\Mozilla\Firefox\Profiles\qvwxr8ry.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: f:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 10:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\CHARLE~1\LOCALS~1\Temp\FHK26.tmp"
.
Completion time: 2009-10-28 10:57
ComboFix-quarantined-files.txt 2009-10-28 02:57

Pre-Run: 29,725,458,432 bytes free
Post-Run: 29,766,881,280 bytes free

- - End Of File - - 4B59793A17BD9C1548827C8684C676D7

tetonbob

Good job...next steps...

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   
   Ensure your H and I drives are active.
   
2. Open notepad and copy/paste the text in the quotebox below into it:
   
   
   Quote:

   File:: H:\winfile.jpg I:\winfile.jpg

   Save this as CFScript.txt
   
   
   
   
   Referring to the picture above, drag CFScript.txt into ComboFix.exe
   
3. ComboFix may request an update; please allow it.
   
4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
5. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   ---------------------------------------------------------------------------------------------
   
6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   
   ---------------------------------------------------------------------------------------------

tetonbob

Still with me, klamersus?

I generally unsubscribe from threads after 5 days of inactivity. If I don't receive a reply from you within 24 hours of this post, this topic will be closed.