Old 12-05-2009, 06:18 PM   #1 (permalink)
Registered User
 
Join Date: Feb 2009
Posts: 39
OS: win xp


Hi: I have a PC using Windows XP, partitioned into two drives. My browser is IE8. I also use Avira Antivir Personal and run it routinely. I have a DSL wi-fi connection. A couple of weeks ago, I picked up a virus that prevented me from loading any web page on my C: drive. Instead, I would get an IE8 message that said the internet connection could not be made. At that time, I also got a window that would pop up saying my PC was infected and I needed to scan it right away, please click yes or no. I recognized it as an obvious fake. I did NOT have the same problem with my D: drive. In addition, although I could not connect to the internet on my C: drive, I was able to use Outlook as normal to send/receive e-mail.

Attempting to run Avira on C: would not work. I switched to D: and updated Avira's db before running a scan. The scan found four suspicious files (I'm sorry I don't remember what they were), but no unwanted programs. I quarantined the lot, and rebooted. Unfortunately, I ran into the same problem all over again.

I again rebooted, but in safe mode. I turned off system restore, and ran an Avira scan again. Again, it found four suspicious files. I quarantined them, then rebooted in normal mode, rescanned with Avira. Nothing found. I turned system restore back on, attempted to connect to the internet via IE8, and still couldn't do it. At that point, I shut down for the night.

The next day, I booted up the PC, opened IE8, and right away got my regular home page. I checked to make sure I could connect to other pages, which I could. I ran another Avira scan, found nothing, then shut the computer down. I continued to use the PC without a problem for the next week or so.

A few days ago, I left the computer on. I did not have any apps open except for Windows. When I returned much later, I found the fake virus warning message again. However, I could still connect to the internet. I shut everything down, and went through all the steps I previously described to clean my PC. I would often find suspicious files, but nothing else. Again, this only seemed to affect the C: drive.

Two days ago, in the middle of an internet session, I opened another tab in IE8, and immediately got a message that I couldn't connect to the internet. Although I could still work on the tabs I had opened previously, I would get the "could not connect" message once I closed those tabs and opened a new one.

Now, as soon as I boot up, I will get an Avira detection warning on the TR/Dldr.Zlob.iyt.1 virus. I will deny access, and the warning will pop up again. I'll again deny access, and I get no further warnings.

One last thing, if I leave my D: drive open long enough (say >30 min), Avira will eventually pop up the same warning message, although I had previously only seen it on my C: drive -- and my D: drive continues to operate normally as far as I can tell.

I'm sorry this is such a convoluted description, but the connection problems and warnings seem to be happening randomly, and I can't detect any pattern to them.

Following is my dds log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Guest at 14:32:55.56 on Sat 12/05/2009
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyServer = no;proxy:80
uSearchAssistant = hxxp://www.google.com
mSearchURL = hxxp://www.google.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [Monopod] c:\docume~1\guest\locals~1\temp\b.exe
uRun: [NordBull] c:\docume~1\guest\locals~1\temp\i.exe
uRun: [braviax] c:\windows\system32\braviax.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [uiovnmno] c:\documents and settings\compaq_administrator\local settings\application data\nfcchs\kwihsysguard.exe
mRun: [kcijjwhj] c:\documents and settings\compaq_administrator\local settings\application data\qncbmx\jrgksysguard.exe
StartupFolder: c:\docume~1\guest\startm~1\programs\startup\pinmclnk.lnk - c:\hp\bin\cloaker.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6D5AD93A-F4E2-411F-87E2-9015D0084E12} - hxxps://sharpnet.sharp.com/,DanaInfo=sharpnet.sharp.com+SharpNetCheckUser.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://lawson.sharp.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-12-03 05:23:29 225792 ----a-w- c:\windows\system32\sshnas.dll
2009-11-17 07:02:59 0 d-sh--w- c:\documents and settings\guest\PrivacIE
2009-11-17 07:02:39 0 d-sh--w- c:\documents and settings\guest\IETldCache
2009-11-17 01:55:37 0 dc-h--w- c:\windows\ie8
2009-11-14 03:35:36 0 d-----w- c:\program files\iPod
2009-11-14 03:35:31 0 d-----w- c:\program files\iTunes
2009-11-14 03:35:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 03:32:20 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2009-01-24 05:58:26 109 --sha-w- c:\windows\system32\2965489765.dat

============= FINISH: 14:33:04.28 ===============

I've used the Techforum before, and you guys have been great. I really appreciate the time and effort you put in to this. Anything you can do this time around would be a blessing. Thanks!

Shortly after posting the above, I was working on my D: drive when I got an Avira warning that the Trojan TR/Dldr.Zlob.iyt.2 was detected. Please note this Trojan is different than the one in the title to this post (note the 1 vs. the 2). I quarantined this file and continued work with no further problems.
Attached Files
File Type: zip Attach.zip (2.8 KB, 1 views)
File Type: zip ark.zip (607 Bytes, 2 views)
dredla is offline  

Old 12-09-2009, 01:39 PM   #2 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 28,100
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: TR/Dldr.Zlob.iyt.1 virus

Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline
Old 12-10-2009, 07:52 AM   #3 (permalink)


Re: TR/Dldr.Zlob.iyt.1 virus

Iain: thank you for your reply. I am obligated to attend a work function tonight and tomorrow evening, so I may not be able to get to your instructions until this Saturday. I will be in touch. Thanks.
dredla is offline  
Old 12-10-2009, 01:56 PM   #4 (permalink)
Re: TR/Dldr.Zlob.iyt.1 virus

No worries - thanks for letting me know.
Glaswegian is offline
Old 12-14-2009, 08:12 PM   #5 (permalink)


Re: TR/Dldr.Zlob.iyt.1 virus

FYI...ComboFix is offline...will keep checking
dredla is offline  
Old 12-16-2009, 01:07 PM   #6 (permalink)
Re: TR/Dldr.Zlob.iyt.1 virus

Hi

CF has been updated.

Download the latest version from here and save it to your desktop.


You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Double click on the renamed ComboFix.exe & follow the prompts.


Please include the log C:\ComboFix.txt in your next reply for further review.
Glaswegian is offline
Old 12-17-2009, 08:45 AM   #7 (permalink)


Re: TR/Dldr.Zlob.iyt.1 virus

Hi: I got it to download, but I couldn't get it to execute for some reason. I'm going to try again when I get home tonight 5p PST
dredla is offline  
Old 12-17-2009, 02:17 PM   #8 (permalink)
Re: TR/Dldr.Zlob.iyt.1 virus

Please make sure you deleted the previous version - then try the new version.
Glaswegian is offline
Old 12-18-2009, 12:40 AM   #9 (permalink)


Re: TR/Dldr.Zlob.iyt.1 virus

Thanks for reminding me to delete the previous version. I did, but I'm still having trouble getting KittyFix to run. I've made sure my firewall and Avira are turned off. When I start KittyFix, I get the "publisher not verified" message and click OK to override the warning. As soon as I do that, I get a message that says "errors encountered while performing the operation. Look at the info window for more details." There is, indeed, a tiny window that has popped up, but it is empty (although it's labeled ComboFix). I've reread the instructions on running the program, and I think I'm doing everything right. Clearly, though, I've missed something. ???
dredla is offline  
Old 12-18-2009, 01:41 PM   #10 (permalink)
Re: TR/Dldr.Zlob.iyt.1 virus

Hi again

Let's try a different approach for now.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:

-> Click on the Malwarebytes' Anti-Malware icon to launch the program.
-> Click on the Logs tab.
-> Click on the log at the bottom of those listed to highlight it.
-> Click Open.

Copy & Paste the entire report in your next reply.
Glaswegian is offline
Old 12-18-2009, 04:11 PM   #11 (permalink)


Re: TR/Dldr.Zlob.iyt.1 virus

I was able to download Malwarebytes, but had to save it to my C: drive. I cannot update it from my C: drive, however, because I can't connect to the internet from that drive. I also can't update it from my D: drive, because I have to be logged in as the administrator. That would require me to be on my C: drive. If there's a way to update Malwarebytes from the D: drive, I couldn't figure it out.

In any event, I was able to perform the Quick Scan, which found a number of infections. I removed all. To complete the removal, I was asked to reboot. When I clicked on the yes command, I got a runtime error message that said the program was attempting to shut down without proper authorization. I closed the window, and rebooted the computer. Below is the log:


Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/18/2009 3:57:21 PM
mbam-log-2009-12-18 (15-57-21).txt

Scan type: Quick Scan
Objects scanned: 113294
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nordbull (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uiovnmno (Trojan.FakeAlert.N) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kcijjwhj (Trojan.FakeAlert.N) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Delete on reboot.
dredla is offline  
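
An added example, not part of the original thread and not the logic of DDS or Malwarebytes: a Python triage of the Run entries from the DDS log in post #1, checked against the verdicts in the Malwarebytes log above. The path heuristics and all function names are assumptions of this example; the sample lines are copied from the two logs.

```python
import re
from typing import Dict, List, NamedTuple, Set, Tuple

# Constructed sample: autorun lines copied from the DDS log in post #1.
DDS_LINES = r'''
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [Monopod] c:\docume~1\guest\locals~1\temp\b.exe
uRun: [NordBull] c:\docume~1\guest\locals~1\temp\i.exe
uRun: [braviax] c:\windows\system32\braviax.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [uiovnmno] c:\documents and settings\compaq_administrator\local settings\application data\nfcchs\kwihsysguard.exe
mRun: [kcijjwhj] c:\documents and settings\compaq_administrator\local settings\application data\qncbmx\jrgksysguard.exe
'''

# Constructed sample: "Registry Values Infected" lines copied from the MBAM log.
MBAM_LINES = r'''
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nordbull (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uiovnmno (Trojan.FakeAlert.N) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kcijjwhj (Trojan.FakeAlert.N) -> Delete on reboot.
'''

RUN_LINE = re.compile(r'^(?P<kind>uRun|mRun): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
MBAM_RUN = re.compile(r'\\CurrentVersion\\Run\\(?P<name>\S+) \((?P<label>[^)]+)\) ->')

# Path heuristics: assumptions of this example, not rules taken from any tool.
HEURISTICS: List[Tuple["re.Pattern[str]", str]] = [
    (re.compile(r'\\te?mp\\', re.I), "runs from a Temp directory"),
    (re.compile(r'\\(local settings|locals~1)\\(application data|applic~1)\\', re.I),
     "runs from a user-writable profile directory"),
]


class Autorun(NamedTuple):
    hive: str                 # HKCU for DDS "uRun", HKLM for "mRun"
    name: str                 # registry value name
    path: str                 # executable path without arguments
    reasons: Tuple[str, ...]  # heuristics that matched (empty = nothing flagged)


def extract_path(cmd: str) -> str:
    """Return the executable path from a Run value, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted values may contain spaces, so cut at the first executable extension.
    m = re.match(r'(.+?\.(?:exe|dll|bat|cmd|scr))(?=\s|$)', cmd, re.I)
    return m.group(1) if m else cmd


def parse_autoruns(dds_text: str) -> List[Autorun]:
    """Parse uRun/mRun lines and attach the heuristics each path matches."""
    entries = []
    for line in dds_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        path = extract_path(m.group("cmd"))
        reasons = tuple(why for rx, why in HEURISTICS if rx.search(path))
        hive = "HKCU" if m.group("kind") == "uRun" else "HKLM"
        entries.append(Autorun(hive, m.group("name"), path, reasons))
    return entries


def mbam_confirmed(mbam_text: str) -> Dict[str, str]:
    """Map Run value name (lower-cased) to the label MBAM reported for it."""
    return {m.group("name").lower(): m.group("label")
            for m in MBAM_RUN.finditer(mbam_text)}


def compare(dds_text: str, mbam_text: str) -> Dict[str, Set[str]]:
    """Compare heuristic flags with the scanner's verdicts."""
    flagged = {e.name.lower() for e in parse_autoruns(dds_text) if e.reasons}
    confirmed = set(mbam_confirmed(mbam_text))
    return {
        "caught": flagged & confirmed,       # flagged here and by the scanner
        "missed": confirmed - flagged,       # scanner only
        "unconfirmed": flagged - confirmed,  # flagged here only, needs review
    }


if __name__ == "__main__":
    for entry in parse_autoruns(DDS_LINES):
        status = "; ".join(entry.reasons) or "no path heuristic matched"
        print(f"{entry.hive} Run [{entry.name}] {entry.path} -> {status}")
    print(compare(DDS_LINES, MBAM_LINES))
```

The `braviax` entry sits in `system32` and matches neither path heuristic, so it lands in `missed`: location-based triage narrows the list, but the scanner's verdict was still needed for that one.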
Old 12-18-2009, 05:31 PM   #12 (permalink)


Re: TR/Dldr.Zlob.iyt.1 virus

I was able to figure out how to run ComboFix


ComboFix 09-12-16.05 - Compaq_Administrator 12/18/2009 16:15:43.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.621 [GMT -8:00]
Running from: c:\documents and settings\Guest\My Documents\My Pictures\KittyFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{D0495CC5-9DBB-4E04-A13E-78F9F6F5BFC1}
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{D0495CC5-9DBB-4E04-A13E-78F9F6F5BFC1}\chrome.manifest
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{D0495CC5-9DBB-4E04-A13E-78F9F6F5BFC1}\chrome\content\_cfg.js
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{D0495CC5-9DBB-4E04-A13E-78F9F6F5BFC1}\chrome\content\overlay.xul
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{D0495CC5-9DBB-4E04-A13E-78F9F6F5BFC1}\install.rdf
c:\documents and settings\Guest\Local Settings\Application Data\{9AA05C6D-7338-4504-9A9E-131EA60D1156}
c:\documents and settings\Guest\Local Settings\Application Data\{9AA05C6D-7338-4504-9A9E-131EA60D1156}\chrome.manifest
c:\documents and settings\Guest\Local Settings\Application Data\{9AA05C6D-7338-4504-9A9E-131EA60D1156}\chrome\content\_cfg.js
c:\documents and settings\Guest\Local Settings\Application Data\{9AA05C6D-7338-4504-9A9E-131EA60D1156}\chrome\content\overlay.xul
c:\documents and settings\Guest\Local Settings\Application Data\{9AA05C6D-7338-4504-9A9E-131EA60D1156}\install.rdf
c:\windows\EventSystem.log
c:\windows\Fonts\RandFont.dll
c:\windows\kb913800.exe
c:\windows\system32\2965489765.dat
c:\windows\system32\Ijl11.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gaopdxserv.sys
-------\Legacy_SSHNAS
-------\Service_gaopdxserv.sys
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-19 00:24 . 2009-12-19 00:29 -------- d-----w- c:\windows\LastGood
2009-12-18 23:47 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:47 . 2009-12-18 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:47 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 02:41 . 2009-12-16 02:41 42192 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-06 21:14 . 2009-12-06 21:14 -------- d-sh--w- c:\documents and settings\Guest\IECompatCache
2009-12-03 05:24 . 2009-12-04 06:18 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qncbmx
2009-11-22 23:09 . 2009-11-22 23:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-11-22 20:05 . 2009-11-22 20:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-21 23:08 . 2009-11-25 07:36 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfcchs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 04:32 . 2009-03-24 02:28 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-06 23:49 . 2007-01-21 01:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Netscape
2009-12-06 23:49 . 2006-08-08 09:11 -------- d-----w- c:\program files\Rhapsody
2009-11-18 02:04 . 2008-12-27 23:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-14 03:36 . 2009-11-14 03:35 -------- d-----w- c:\program files\iTunes
2009-11-14 03:36 . 2009-11-14 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 03:35 . 2009-11-14 03:35 -------- d-----w- c:\program files\iPod
2009-11-14 03:35 . 2008-12-25 22:53 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 03:32 . 2009-11-14 03:32 -------- d-----w- c:\program files\Bonjour
2009-11-14 03:31 . 2008-12-25 22:54 -------- d-----w- c:\program files\QuickTime
2009-11-14 03:29 . 2009-11-14 03:29 -------- d-----w- c:\program files\Apple Software Update
2009-11-02 01:15 . 2008-02-08 03:49 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Juniper Networks
2009-11-02 00:57 . 2009-11-02 00:57 291696 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
2009-11-02 00:57 . 2008-02-08 03:49 36948 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Juniper Networks\setup\uninstall.exe
2009-10-29 04:58 . 2009-10-29 04:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-26 19:05 . 2008-11-06 15:24 -------- d-----w- c:\documents and settings\Guest\Application Data\Move Networks
2009-09-29 02:09 . 2009-09-29 02:09 127872 ----a-w- c:\documents and settings\Guest\Application Data\Move Networks\uninstall.exe
2009-09-29 02:09 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Guest\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-29 02:09 . 2009-09-29 02:09 1686272 ----a-w- c:\documents and settings\Guest\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-09-26 07:00 . 2009-09-26 07:00 17204720 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\rp\.exe
2009-09-26 07:00 . 2009-09-26 07:00 8406648 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-26 06:59 . 2009-09-26 06:59 10309448 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-26 06:58 . 2009-09-26 06:58 64000 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-09-26 06:58 . 2009-09-26 06:58 52288 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-09-26 06:58 . 2009-09-26 06:58 50688 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-09-26 06:58 . 2009-09-26 06:58 114688 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-09-26 06:58 . 2008-04-22 14:46 488968 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/23/2009 6:28 PM 108289]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2/27/2007 7:00 PM 11648]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mSearchURL = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: sharp.com\owa
DPF: {6D5AD93A-F4E2-411F-87E2-9015D0084E12} - hxxps://sharpnet.sharp.com/,DanaInfo=sharpnet.sharp.com+SharpNetCheckUser.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-uiovnmno - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfcchs\kwihsysguard.exe
HKCU-Run-kcijjwhj - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qncbmx\jrgksysguard.exe
HKLM-Run-uiovnmno - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfcchs\kwihsysguard.exe
HKLM-Run-kcijjwhj - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qncbmx\jrgksysguard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-18 17:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1804122254-4121809227-881765876-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-18 17:23:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 01:23
ComboFix2.txt 2009-03-21 23:59

Pre-Run: 219,536,257,024 bytes free
Post-Run: 219,217,211,392 bytes free

- - End Of File - - 11CB38CCE282D26F659DC8645A7C5152
dredla is offline  
Old 12-19-2009, 12:37 PM   #13 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 28,100
OS: Win XP Pro SP3 / Win 7 Pro

Re: TR/Dldr.Zlob.iyt.1 virus

Hi again

How is your system running now?

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.


Combofix
  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
DirLook::
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qncbmx
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfcchs
c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

Looking at the image below as an example



Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt for further review.



Online Scan
Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.

Avast users note:

Please do continue with the online scan at Panda if you receive an alert. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database.


Note that Panda may take several hours to scan your system.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 12-19-2009, 12:50 PM   #14 (permalink)
Registered User
 
Join Date: Feb 2009
Posts: 39
OS: win xp


Re: TR/Dldr.Zlob.iyt.1 virus

Hi: I am able to connect to the internet now thru my C: drive. I have to drive someone to the airport shortly. I will try your new instructions this evening, but may not be able to do this until Sunday. Thanks for all your support so far. - Dan
dredla is offline  
Old 12-20-2009, 12:48 PM   #15 (permalink)
Registered User
 
Join Date: Feb 2009
Posts: 39
OS: win xp


Re: TR/Dldr.Zlob.iyt.1 virus

getting ready to do the Panda scan next.

ComboFix 09-12-19.03 - Compaq_Administrator 12/20/2009 12:40:06.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.503 [GMT -8:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\KittyFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-20 11:00 . 2009-12-20 11:00 -------- d-----w- c:\windows\LastGood
2009-12-19 16:10 . 2009-12-19 16:10 -------- d-----w- c:\program files\MSXML 6.0
2009-12-19 08:16 . 2009-12-19 08:16 -------- d-----w- c:\windows\ServicePackFiles
2009-12-18 23:47 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:47 . 2009-12-18 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:47 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 02:41 . 2009-12-16 02:41 42192 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-06 21:14 . 2009-12-06 21:14 -------- d-sh--w- c:\documents and settings\Guest\IECompatCache
2009-12-03 05:24 . 2009-12-04 06:18 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qncbmx
2009-11-22 23:09 . 2009-11-22 23:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-11-22 20:05 . 2009-11-22 20:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-21 23:08 . 2009-11-25 07:36 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfcchs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 16:14 . 2009-12-19 16:14 -------- d-----w- c:\program files\MSBuild
2009-12-19 16:14 . 2009-12-19 16:14 -------- d-----w- c:\program files\Reference Assemblies
2009-12-19 16:07 . 2009-01-18 21:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-10 04:32 . 2009-03-24 02:28 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-06 23:49 . 2007-01-21 01:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Netscape
2009-12-06 23:49 . 2006-08-08 09:11 -------- d-----w- c:\program files\Rhapsody
2009-11-18 02:04 . 2008-12-27 23:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-14 03:36 . 2009-11-14 03:35 -------- d-----w- c:\program files\iTunes
2009-11-14 03:36 . 2009-11-14 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 03:35 . 2009-11-14 03:35 -------- d-----w- c:\program files\iPod
2009-11-14 03:35 . 2008-12-25 22:53 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 03:32 . 2009-11-14 03:32 -------- d-----w- c:\program files\Bonjour
2009-11-14 03:31 . 2008-12-25 22:54 -------- d-----w- c:\program files\QuickTime
2009-11-14 03:29 . 2009-11-14 03:29 -------- d-----w- c:\program files\Apple Software Update
2009-11-02 01:15 . 2008-02-08 03:49 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Juniper Networks
2009-11-02 00:57 . 2009-11-02 00:57 291696 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
2009-11-02 00:57 . 2008-02-08 03:49 36948 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Juniper Networks\setup\uninstall.exe
2009-10-29 07:46 . 2004-08-10 04:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-11-17 01:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-29 04:58 . 2009-10-29 04:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-26 19:05 . 2008-11-06 15:24 -------- d-----w- c:\documents and settings\Guest\Application Data\Move Networks
2009-10-21 06:00 . 2004-08-10 04:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-10 04:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-10 04:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-10 04:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-10 04:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-10 04:00 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-29 02:09 . 2009-09-29 02:09 127872 ----a-w- c:\documents and settings\Guest\Application Data\Move Networks\uninstall.exe
2009-09-29 02:09 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Guest\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-29 02:09 . 2009-09-29 02:09 1686272 ----a-w- c:\documents and settings\Guest\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-09-26 07:00 . 2009-09-26 07:00 17204720 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\rp\.exe
2009-09-26 07:00 . 2009-09-26 07:00 8406648 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-26 06:59 . 2009-09-26 06:59 10309448 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-26 06:58 . 2009-09-26 06:58 64000 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-09-26 06:58 . 2009-09-26 06:58 52288 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-09-26 06:58 . 2009-09-26 06:58 50688 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-09-26 06:58 . 2009-09-26 06:58 114688 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-09-26 06:58 . 2008-04-22 14:46 488968 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\setup.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} ----

2009-11-14 03:36 . 2009-11-14 03:36 3654 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DIFxInstallLog.txt
2009-06-03 18:32 . 2009-06-03 18:32 7994 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\gearaspiwdmx86.cat
2009-05-18 22:48 . 2009-05-18 22:48 2763 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\GEARAspiWDM.inf
2009-05-18 22:17 . 2009-05-18 22:17 26600 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86\GEARAspiWDM.sys
2009-02-04 22:56 . 2009-02-04 22:56 75112 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
2008-04-17 21:12 . 2008-04-17 21:12 107368 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86\GEARAspi.dll
2006-11-02 15:21 . 2006-11-02 15:21 319456 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DIFxAPI.dll

---- Directory of c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfcchs ----


---- Directory of c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qncbmx ----



((((((((((((((((((((((((((((( SnapShot_2009-12-20_07.22.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-20 11:08 . 2009-12-20 11:08 16384 c:\windows\temp\Perflib_Perfdata_720.dat
- 2004-08-10 04:00 . 2004-08-10 04:00 50176 c:\windows\system32\utilman.exe
+ 2004-08-10 04:00 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 35840 c:\windows\system32\umandlg.dll
+ 2004-08-10 04:00 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
- 2005-08-31 04:07 . 2009-12-19 16:18 71732 c:\windows\system32\perfc009.dat
+ 2005-08-31 04:07 . 2009-12-20 11:12 71732 c:\windows\system32\perfc009.dat
- 2004-08-10 04:00 . 2004-08-10 04:00 53760 c:\windows\system32\narrator.exe
+ 2004-08-10 04:00 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 72704 c:\windows\system32\magnify.exe
+ 2004-08-10 04:00 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 50176 c:\windows\system32\dllcache\utilman.exe
+ 2004-08-10 04:00 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-10 04:00 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-10 04:00 . 2009-10-21 06:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-10 04:00 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 53760 c:\windows\system32\dllcache\narrator.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-10 04:00 . 2006-10-04 08:48 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-10 04:00 . 2009-10-21 06:00 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-12-20 11:09 . 2009-12-20 11:09 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-12-20 11:17 . 2009-12-20 11:17 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-12-20 11:17 . 2009-12-20 11:17 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-12-20 11:15 . 2009-12-20 11:15 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-12-20 11:15 . 2009-12-20 11:15 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-12-20 11:06 . 2009-12-20 11:06 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-12-20 11:06 . 2009-12-20 11:06 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-12-20 11:16 . 2009-12-20 11:16 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-12-20 11:15 . 2009-12-20 11:15 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-12-20 11:15 . 2009-12-20 11:15 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-12-20 11:14 . 2009-12-20 11:14 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-12-20 11:14 . 2009-12-20 11:14 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-12-20 11:05 . 2009-12-20 11:05 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-12-20 11:05 . 2009-12-20 11:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-12-19 16:18 . 2009-12-19 16:18 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-12-20 11:04 . 2009-12-20 11:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-10 04:00 . 2009-08-25 09:47 352256 c:\windows\system32\winhttp.dll
- 2005-08-31 04:07 . 2009-12-19 16:18 442466 c:\windows\system32\perfh009.dat
+ 2005-08-31 04:07 . 2009-12-20 11:12 442466 c:\windows\system32\perfh009.dat
+ 2004-08-10 04:00 . 2006-10-04 08:48 215552 c:\windows\system32\osk.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 215552 c:\windows\system32\osk.exe
+ 2004-08-10 04:00 . 2009-08-25 09:47 352256 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-10 04:00 . 2006-10-04 08:48 215552 c:\windows\system32\dllcache\osk.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 215552 c:\windows\system32\dllcache\osk.exe
+ 2009-10-20 14:58 . 2009-10-20 14:58 263552 c:\windows\system32\dllcache\http.sys
+ 2009-08-08 07:51 . 2009-08-08 07:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2009-12-20 11:02 . 2009-12-20 11:02 969728 c:\windows\Installer\b54300.msi
+ 2009-03-20 19:48 . 2009-03-20 19:48 183808 c:\windows\Installer\b542ed.msp
+ 2006-08-08 08:51 . 2009-10-20 14:58 263552 c:\windows\Driver Cache\i386\http.sys
+ 2009-12-20 11:15 . 2009-12-20 11:15 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-12-20 11:09 . 2009-12-20 11:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-12-20 11:09 . 2009-12-20 11:09 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-12-20 11:09 . 2009-12-20 11:09 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-12-20 11:17 . 2009-12-20 11:17 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-12-20 11:17 . 2009-12-20 11:17 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-12-20 11:17 . 2009-12-20 11:17 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-12-20 11:17 . 2009-12-20 11:17 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-12-20 11:17 . 2009-12-20 11:17 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-12-20 11:17 . 2009-12-20 11:17 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-12-20 11:17 . 2009-12-20 11:17 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-12-20 11:17 . 2009-12-20 11:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-12-20 11:16 . 2009-12-20 11:16 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-12-20 11:16 . 2009-12-20 11:16 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-12-20 11:15 . 2009-12-20 11:15 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-12-20 11:16 . 2009-12-20 11:16 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-12-20 11:16 . 2009-12-20 11:16 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-12-20 11:16 . 2009-12-20 11:16 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-12-20 11:16 . 2009-12-20 11:16 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-12-20 11:14 . 2009-12-20 11:14 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-12-20 11:14 . 2009-12-20 11:14 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-12-20 11:16 . 2009-12-20 11:16 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-12-20 11:16 . 2009-12-20 11:16 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-12-20 11:09 . 2009-12-20 11:09 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-12-20 11:16 . 2009-12-20 11:16 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/23/2009 6:28 PM 108289]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2/27/2007 7:00 PM 11648]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mSearchURL = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: sharp.com\owa
DPF: {6D5AD93A-F4E2-411F-87E2-9015D0084E12} - hxxps://sharpnet.sharp.com/,DanaInfo=sharpnet.sharp.com+SharpNetCheckUser.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 12:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1804122254-4121809227-881765876-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1172)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-20 12:46:12
ComboFix-quarantined-files.txt 2009-12-20 20:46
ComboFix2.txt 2009-12-20 07:24
ComboFix3.txt 2009-12-19 01:23
ComboFix4.txt 2009-03-21 23:59

Pre-Run: 217,421,893,632 bytes free
Post-Run: 217,397,608,448 bytes free

- - End Of File - - 10F6CC03702153C593DBFE5DC4979A5C
dredla is offline  
Old 12-20-2009, 06:42 PM   #16 (permalink)
Registered User
 
Join Date: Feb 2009
Posts: 39
OS: win xp


Re: TR/Dldr.Zlob.iyt.1 virus

Attached are the results of the Panda scan.
Attached Files
File Type: txt ActiveScan.txt (9.3 KB, 1 views)
dredla is offline  
Old 12-21-2009, 04:30 AM   #17 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 28,100
OS: Win XP Pro SP3 / Win 7 Pro

Re: TR/Dldr.Zlob.iyt.1 virus

Hi again

How is your system running now?


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.



Combofix
  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
Folder::
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qncbmx
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfcchs
c:\program files\online services\peoplepc

Looking at the image below as an example



Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt for further review.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 12-21-2009, 11:50 AM   #18 (permalink)
Registered User
 
Join Date: Feb 2009
Posts: 39
OS: win xp


Re: TR/Dldr.Zlob.iyt.1 virus

ComboFix 09-12-19.03 - Compaq_Administrator 12/21/2009 9:33.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.606 [GMT -8:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\KittyFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfcchs
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qncbmx
c:\program files\online services\peoplepc
c:\program files\online services\peoplepc\HTA\Images\btn_skip_step.gif
c:\program files\online services\peoplepc\HTA\Images\btn_stay_online.gif
c:\program files\online services\peoplepc\HTA\Images\btn_stayonline.gif
c:\program files\online services\peoplepc\HTA\Images\btn_StopInstallation.gif
c:\program files\online services\peoplepc\HTA\Images\btn_tryagain.gif
c:\program files\online services\peoplepc\HTA\Images\btn_TryNextNumber.gif
c:\program files\online services\peoplepc\HTA\Images\btn_workoffline.gif
c:\program files\online services\peoplepc\HTA\Images\btn_Yes.gif
c:\program files\online services\peoplepc\HTA\Images\cancel2_btn.gif
c:\program files\online services\peoplepc\HTA\Images\cd_signin_gradient.gif
c:\program files\online services\peoplepc\HTA\Images\check_blue.gif
c:\program files\online services\peoplepc\HTA\Images\check_orange.gif
c:\program files\online services\peoplepc\HTA\Images\check_red.gif
c:\program files\online services\peoplepc\HTA\Images\closex.gif
c:\program files\online services\peoplepc\HTA\Images\confirm_background_gradient_left.gif
c:\program files\online services\peoplepc\HTA\Images\confirm_background_gradient_main.gif
c:\program files\online services\peoplepc\HTA\Images\confirm_background_gradient_right.gif
c:\program files\online services\peoplepc\HTA\Images\Content\totd.gif
c:\program files\online services\peoplepc\HTA\Images\Content\wotd.gif
c:\program files\online services\peoplepc\HTA\Images\content_frame_lft.jpg
c:\program files\online services\peoplepc\HTA\Images\content_frame_rt.jpg
c:\program files\online services\peoplepc\HTA\Images\corner_login_botleft.gif
c:\program files\online services\peoplepc\HTA\Images\corner_login_botright.gif
c:\program files\online services\peoplepc\HTA\Images\corner_login_side.gif
c:\program files\online services\peoplepc\HTA\Images\corner_login_topleft.gif
c:\program files\online services\peoplepc\HTA\Images\corner_login_topright.gif
c:\program files\online services\peoplepc\HTA\Images\Email_Change.ico
c:\program files\online services\peoplepc\HTA\Images\error_alert.gif
c:\program files\online services\peoplepc\HTA\Images\error_background_gradient_bottom.gif
c:\program files\online services\peoplepc\HTA\Images\error_background_gradient_leftbottom.gif
c:\program files\online services\peoplepc\HTA\Images\error_background_gradient_leftmain.gif
c:\program files\online services\peoplepc\HTA\Images\error_background_gradient_lefttop.gif
c:\program files\online services\peoplepc\HTA\Images\error_background_gradient_main.gif
c:\program files\online services\peoplepc\HTA\Images\error_background_gradient_rightbottom.gif
c:\program files\online services\peoplepc\HTA\Images\error_background_gradient_rightmain.gif
c:\program files\online services\peoplepc\HTA\Images\error_background_gradient_righttop.gif
c:\program files\online services\peoplepc\HTA\Images\error_background_gradient_top.gif
c:\program files\online services\peoplepc\HTA\Images\finished_btn.gif
c:\program files\online services\peoplepc\HTA\Images\finished_icon.gif
c:\program files\online services\peoplepc\HTA\Images\finished_icon1.gif
c:\program files\online services\peoplepc\HTA\Images\getstarted_notify.gif
c:\program files\online services\peoplepc\HTA\Images\glassblock.gif
c:\program files\online services\peoplepc\HTA\Images\header_arrows.gif
c:\program files\online services\peoplepc\HTA\Images\header_Choose_Option.gif
c:\program files\online services\peoplepc\HTA\Images\header_connecting.gif
c:\program files\online services\peoplepc\HTA\Images\header_notify.gif
c:\program files\online services\peoplepc\HTA\Images\header_settings.gif
c:\program files\online services\peoplepc\HTA\Images\header_welcome.gif
c:\program files\online services\peoplepc\HTA\Images\icon_connecting_bullet.gif
c:\program files\online services\peoplepc\HTA\Images\icon_connecting_step1.gif
c:\program files\online services\peoplepc\HTA\Images\icon_connecting_step2.gif
c:\program files\online services\peoplepc\HTA\Images\icon_connecting_step3.gif
c:\program files\online services\peoplepc\HTA\Images\install_gradient.gif
c:\program files\online services\peoplepc\HTA\Images\install_logo.gif
c:\program files\online services\peoplepc\HTA\Images\InstallComplete.gif
c:\program files\online services\peoplepc\HTA\Images\installprogressbar_box.gif
c:\program files\online services\peoplepc\HTA\Images\login_background_gradient.jpg
c:\program files\online services\peoplepc\HTA\Images\logo.gif
c:\program files\online services\peoplepc\HTA\Images\logo_notify.gif
c:\program files\online services\peoplepc\HTA\Images\navigation_arrow_blue.gif
c:\program files\online services\peoplepc\HTA\Images\navigation_arrow_flyout.gif
c:\program files\online services\peoplepc\HTA\Images\navigation_arrow_orange.gif
c:\program files\online services\peoplepc\HTA\Images\navigation_arrow_steps.gif
c:\program files\online services\peoplepc\HTA\Images\next_btn2.gif
c:\program files\online services\peoplepc\HTA\Images\non_member_signup.gif
c:\program files\online services\peoplepc\HTA\Images\notify_line.gif
c:\program files\online services\peoplepc\HTA\Images\or.gif
c:\program files\online services\peoplepc\HTA\Images\page_background_gradient.jpg
c:\program files\online services\peoplepc\HTA\Images\phone_icon.gif
c:\program files\online services\peoplepc\HTA\Images\phone_icon1.gif
c:\program files\online services\peoplepc\HTA\Images\photo_background_gradient.gif
c:\program files\online services\peoplepc\HTA\Images\photo_default.jpg
c:\program files\online services\peoplepc\HTA\Images\PPC_DrkBlue_icon.gif
c:\program files\online services\peoplepc\HTA\Images\ppc_powered.gif
c:\program files\online services\peoplepc\HTA\Images\progressbar_box.gif
c:\program files\online services\peoplepc\HTA\Images\reg_progress_bar_start.gif
c:\program files\online services\peoplepc\HTA\Images\reg_progress_bar_stop.gif
c:\program files\online services\peoplepc\HTA\Images\selectbox_arrow.gif
c:\program files\online services\peoplepc\HTA\Images\send_btn.gif
c:\program files\online services\peoplepc\HTA\Images\send_notification_btn.gif
c:\program files\online services\peoplepc\HTA\Images\shadowbox_frame.gif
c:\program files\online services\peoplepc\HTA\Images\smheader_settings.gif
c:\program files\online services\peoplepc\HTA\Images\spacer.gif
c:\program files\online services\peoplepc\HTA\Images\stay_online_off.gif
c:\program files\online services\peoplepc\HTA\Images\stay_online_on.gif
c:\program files\online services\peoplepc\HTA\Images\subheader_member.gif
c:\program files\online services\peoplepc\HTA\Images\subheader_no_member.gif
c:\program files\online services\peoplepc\HTA\Images\talking_icon.gif
c:\program files\online services\peoplepc\HTA\Images\talking_icon1.gif
c:\program files\online services\peoplepc\HTA\Images\temp_install_flash.gif
c:\program files\online services\peoplepc\HTA\Images\text_connectionsettings.gif
c:\program files\online services\peoplepc\HTA\Images\wave.gif
c:\program files\online services\peoplepc\HTA\LoadError.brt
c:\program files\online services\peoplepc\HTA\login.brt
c:\program files\online services\peoplepc\HTA\mail_notify.brt
c:\program files\online services\peoplepc\HTA\mail_notify_finished.brt
c:\program files\online services\peoplepc\HTA\mail_notify_notice.brt
c:\program files\online services\peoplepc\HTA\main.brt
c:\program files\online services\peoplepc\HTA\password\password.brt
c:\program files\online services\peoplepc\HTA\progress.brt
c:\program files\online services\peoplepc\HTA\radius_harddisconnect.brt
c:\program files\online services\peoplepc\HTA\reconnect.brt
c:\program files\online services\peoplepc\HTA\reconnect_reg.brt
c:\program files\online services\peoplepc\HTA\rename.brt
c:\program files\online services\peoplepc\HTA\Scripts\bart.js
c:\program files\online services\peoplepc\HTA\Scripts\content.js
c:\program files\online services\peoplepc\HTA\Scripts\display.js
c:\program files\online services\peoplepc\HTA\Scripts\download.js
c:\program files\online services\peoplepc\HTA\Scripts\mail.js
c:\program files\online services\peoplepc\HTA\Scripts\popup.js
c:\program files\online services\peoplepc\HTA\Scripts\propel.js
c:\program files\online services\peoplepc\HTA\Scripts\softwarelog.js
c:\program files\online services\peoplepc\HTA\Scripts\sound.js
c:\program files\online services\peoplepc\HTA\Scripts\toast.js
c:\program files\online services\peoplepc\HTA\Scripts\utils.js
c:\program files\online services\peoplepc\HTA\sessiontimeout.brt
c:\program files\online services\peoplepc\HTA\settings_accessnumbers.brt
c:\program files\online services\peoplepc\HTA\settings_advanced.brt
c:\program files\online services\peoplepc\HTA\settings_connectiontype.brt
c:\program files\online services\peoplepc\HTA\settings_editnumbers.brt
c:\program files\online services\peoplepc\HTA\settings_locations.brt
c:\program files\online services\peoplepc\HTA\station.brt
c:\program files\online services\peoplepc\HTA\Style\global.css
c:\program files\online services\peoplepc\HTA\Style\modal.css
c:\program files\online services\peoplepc\HTA\tapi.brt
c:\program files\online services\peoplepc\HTA\tips.xml
c:\program files\online services\peoplepc\HTA\Toasts\deal.brt
c:\program files\online services\peoplepc\HTA\Toasts\images\deal_bgd.jpg
c:\program files\online services\peoplepc\HTA\Toasts\images\deal_crnr.gif
c:\program files\online services\peoplepc\HTA\Toasts\images\deal_hdr.gif
c:\program files\online services\peoplepc\HTA\Toasts\images\deal_icon.gif
c:\program files\online services\peoplepc\HTA\Toasts\images\email.gif
c:\program files\online services\peoplepc\HTA\Toasts\images\toast_bgd.jpg
c:\program files\online services\peoplepc\HTA\Toasts\mail.brt
c:\program files\online services\peoplepc\HTA\Toasts\url.brt
c:\program files\online services\peoplepc\HTA\wotd.xml
c:\program files\online services\peoplepc\ICON\acc_connected_16.ico
c:\program files\online services\peoplepc\ICON\acc_connected_256.ico
c:\program files\online services\peoplepc\ICON\BM.GIF
c:\program files\online services\peoplepc\ICON\brand.ico
c:\program files\online services\peoplepc\ICON\busy_16.ico
c:\program files\online services\peoplepc\ICON\busy_256.ico
c:\program files\online services\peoplepc\ICON\busy2_16.ico
c:\program files\online services\peoplepc\ICON\busy2_256.ico
c:\program files\online services\peoplepc\ICON\email_change.ico
c:\program files\online services\peoplepc\ICON\Email95.ico
c:\program files\online services\peoplepc\ICON\EmailChangeNotification_2000.ico
c:\program files\online services\peoplepc\ICON\EmailChangeNotification_95.ico
c:\program files\online services\peoplepc\ICON\EmailChangeNotification_XP.ico
c:\program files\online services\peoplepc\ICON\GB.GIF
c:\program files\online services\peoplepc\ICON\glassblock.gif
c:\program files\online services\peoplepc\ICON\GM.GIF
c:\program files\online services\peoplepc\ICON\having_trouble_16.ico
c:\program files\online services\peoplepc\ICON\having_trouble_256.ico
c:\program files\online services\peoplepc\ICON\Help.ico
c:\program files\online services\peoplepc\ICON\ISPSetup.ico
c:\program files\online services\peoplepc\ICON\LE.GIF
c:\program files\online services\peoplepc\ICON\LEB.GIF
c:\program files\online services\peoplepc\ICON\Logo_w_Tagline.gif
c:\program files\online services\peoplepc\ICON\on_disabled_16.ico
c:\program files\online services\peoplepc\ICON\on_disabled_256.ico
c:\program files\online services\peoplepc\ICON\Password.ico
c:\program files\online services\peoplepc\ICON\PPCO95.ICO
c:\program files\online services\peoplepc\ICON\RE.GIF
c:\program files\online services\peoplepc\ICON\REG.GIF
c:\program files\online services\peoplepc\ICON\spacer.gif
c:\program files\online services\peoplepc\ICON\systray_offline_16.ico
c:\program files\online services\peoplepc\ICON\systray_offline_256.ico
c:\program files\online services\peoplepc\ICON\systray_online_16.ico
c:\program files\online services\peoplepc\ICON\systray_online_256.ico
c:\program files\online services\peoplepc\IE\EN\ADVAUTH.CAB
c:\program files\online services\peoplepc\IE\EN\AOLSUPP.CAB
c:\program files\online services\peoplepc\IE\EN\AXA.CAB
c:\program files\online services\peoplepc\IE\EN\AXA3.CAB
c:\program files\online services\peoplepc\IE\EN\BRANDING.CAB
c:\program files\online services\peoplepc\IE\EN\CRLUPD.CAB
c:\program files\online services\peoplepc\IE\EN\FONTCORE.CAB
c:\program files\online services\peoplepc\IE\EN\FONTSUP.CAB
c:\program files\online services\peoplepc\IE\EN\GSETUP95.CAB
c:\program files\online services\peoplepc\IE\EN\GSETUPNT.CAB
c:\program files\online services\peoplepc\IE\EN\HELPCONT.CAB
c:\program files\online services\peoplepc\IE\EN\HHUPD.CAB
c:\program files\online services\peoplepc\IE\EN\ICW.CAB
c:\program files\online services\peoplepc\IE\EN\ICWCON.CAB
c:\program files\online services\peoplepc\IE\EN\IE_EXTRA.CAB
c:\program files\online services\peoplepc\IE\EN\IE_S1.CAB
c:\program files\online services\peoplepc\IE\EN\IE_S2.CAB
c:\program files\online services\peoplepc\IE\EN\IE_S3.CAB
c:\program files\online services\peoplepc\IE\EN\IE_S4.CAB
c:\program files\online services\peoplepc\IE\EN\IE_S5.CAB
c:\program files\online services\peoplepc\IE\EN\IE_S6.CAB
c:\program files\online services\peoplepc\IE\EN\ie6setup.exe
c:\program files\online services\peoplepc\IE\EN\IECIF.CAB
c:\program files\online services\peoplepc\IE\EN\IEDATA.CAB
c:\program files\online services\peoplepc\IE\EN\IEDOM.CAB
c:\program files\online services\peoplepc\IE\EN\IEEXINST.CAB
c:\program files\online services\peoplepc\IE\EN\IELPKAD.CAB
c:\program files\online services\peoplepc\IE\EN\IELPKAR.CAB
c:\program files\online services\peoplepc\IE\EN\IELPKIW.CAB
c:\program files\online services\peoplepc\IE\EN\IELPKJA.CAB
c:\program files\online services\peoplepc\IE\EN\IELPKKO.CAB
c:\program files\online services\peoplepc\IE\EN\IELPKPE.CAB
c:\program files\online services\peoplepc\IE\EN\IELPKTH.CAB
c:\program files\online services\peoplepc\IE\EN\IELPKVI.CAB
c:\program files\online services\peoplepc\IE\EN\IELPKZHC.CAB
c:\program files\online services\peoplepc\IE\EN\IELPKZHT.CAB
c:\program files\online services\peoplepc\IE\EN\IEMIL_1.CAB
c:\program files\online services\peoplepc\IE\EN\IEMIL_2.CAB
c:\program files\online services\peoplepc\IE\EN\IEMIL_3.CAB
c:\program files\online services\peoplepc\IE\EN\IEMIL_4.CAB
c:\program files\online services\peoplepc\IE\EN\IENT_S1.CAB
c:\program files\online services\peoplepc\IE\EN\IENT_S2.CAB
c:\program files\online services\peoplepc\IE\EN\IENT_S3.CAB
c:\program files\online services\peoplepc\IE\EN\IENT_S4.CAB
c:\program files\online services\peoplepc\IE\EN\IENT_S5.CAB
c:\program files\online services\peoplepc\IE\EN\IENT_S6.CAB
c:\program files\online services\peoplepc\IE\EN\iesetup.ini
c:\program files\online services\peoplepc\IE\EN\IEW2K_1.CAB
c:\program files\online services\peoplepc\IE\EN\IEW2K_2.CAB
c:\program files\online services\peoplepc\IE\EN\IEW2K_3.CAB
c:\program files\online services\peoplepc\IE\EN\IEW2K_4.CAB
c:\program files\online services\peoplepc\IE\EN\JAAIME.CAB
c:\program files\online services\peoplepc\IE\EN\KOAIME.CAB
c:\program files\online services\peoplepc\IE\EN\MAILNEWS.CAB
c:\program files\online services\peoplepc\IE\EN\MOBILE95.CAB
c:\program files\online services\peoplepc\IE\EN\MOBILENT.CAB
c:\program files\online services\peoplepc\IE\EN\MPCDCS.CAB
c:\program files\online services\peoplepc\IE\EN\MPLAY2A.CAB
c:\program files\online services\peoplepc\IE\EN\MPLAY2U.CAB
c:\program files\online services\peoplepc\IE\EN\MPLAYER2.CAB
c:\program files\online services\peoplepc\IE\EN\OAINST.CAB
c:\program files\online services\peoplepc\IE\EN\OEEXCEP.CAB
c:\program files\online services\peoplepc\IE\EN\README.CAB
c:\program files\online services\peoplepc\IE\EN\SCAIME.CAB
c:\program files\online services\peoplepc\IE\EN\SCR56EN.CAB
c:\program files\online services\peoplepc\IE\EN\SCRIPTEN.CAB
c:\program files\online services\peoplepc\IE\EN\SETUPNT.CAB
c:\program files\online services\peoplepc\IE\EN\SETUPW95.CAB
c:\program files\online services\peoplepc\IE\EN\SWFLASH.CAB
c:\program files\online services\peoplepc\IE\EN\TCAIME.CAB
c:\program files\online services\peoplepc\IE\EN\TS95.CAB
c:\program files\online services\peoplepc\IE\EN\TSNT.CAB
c:\program files\online services\peoplepc\IE\EN\USP10.CAB
c:\program files\online services\peoplepc\IE\EN\VGX.CAB
c:\program files\online services\peoplepc\IE\EN\WAB.CAB
c:\program files\online services\peoplepc\Images\install_gradient.gif
c:\program files\online services\peoplepc\Images\install_logo.gif
c:\program files\online services\peoplepc\Images\progressbar_box.gif
c:\program files\online services\peoplepc\Images\reg_progress_bar_start.gif
c:\program files\online services\peoplepc\Images\reg_progress_bar_stop.gif
c:\program files\online services\peoplepc\Images\temp_install_flash.gif
c:\program files\online services\peoplepc\Install.brt
c:\program files\online services\peoplepc\Install.swf
c:\program files\online services\peoplepc\Intro.brt
c:\program files\online services\peoplepc\Intro.swf
c:\program files\online services\peoplepc\ISP5900\Accelerated\AcceleratedInstaller.exe
c:\program files\online services\peoplepc\ISP5900\Autorun.inf
c:\program files\online services\peoplepc\ISP5900\Branding\9X\systray_offline.ico
c:\program files\online services\peoplepc\ISP5900\Branding\9X\systray_online.ico
c:\program files\online services\peoplepc\ISP5900\Branding\bartppc.exe
c:\program files\online services\peoplepc\ISP5900\Branding\Email95.ico
c:\program files\online services\peoplepc\ISP5900\Branding\NT\systray_offline.ico
c:\program files\online services\peoplepc\ISP5900\Branding\NT\systray_online.ico
c:\program files\online services\peoplepc\ISP5900\Branding\ppal3ppc.exe
c:\program files\online services\peoplepc\ISP5900\Branding\PPCO95.ICO
c:\program files\online services\peoplepc\ISP5900\Branding\XP\systray_offline.ico
c:\program files\online services\peoplepc\ISP5900\Branding\XP\systray_online.ico
c:\program files\online services\peoplepc\ISP5900\Dialer\DIALER.CHM
c:\program files\online services\peoplepc\ISP5900\Dialer\dialer.exe
c:\program files\online services\peoplepc\ISP5900\Dialer\Dll\AUTODIAL.DLL
c:\program files\online services\peoplepc\ISP5900\Dialer\Dll\CustomDial.dll
c:\program files\online services\peoplepc\ISP5900\Dialer\Dll\images.dll
c:\program files\online services\peoplepc\ISP5900\Dialer\Dll\lang_en.dll
c:\program files\online services\peoplepc\ISP5900\Dialer\Dll\PROXY.DLL
c:\program files\online services\peoplepc\ISP5900\Dialer\Dms\CALLREC.DAT
c:\program files\online services\peoplepc\ISP5900\Dialer\Dms\dms.dll
c:\program files\online services\peoplepc\ISP5900\Dialer\Updates\dir.dat
c:\program files\online services\peoplepc\ISP5900\Dll\AutoDial.dll
c:\program files\online services\peoplepc\ISP5900\Dll\CAB.DLL
c:\program files\online services\peoplepc\ISP5900\Dll\CLOSEIE.EXE
c:\program files\online services\peoplepc\ISP5900\Dll\CRYPTO.DLL
c:\program files\online services\peoplepc\ISP5900\Dll\DOWNLOAD.DLL
c:\program files\online services\peoplepc\ISP5900\Dll\IEDownload.exe
c:\program files\online services\peoplepc\ISP5900\Dll\INSTUTIL.DLL
c:\program files\online services\peoplepc\ISP5900\Dll\RAS.DLL
c:\program files\online services\peoplepc\ISP5900\Dll\RasSetAutoDial.dll
c:\program files\online services\peoplepc\ISP5900\Dll\Win95.dll
c:\program files\online services\peoplepc\ISP5900\Icon\ISPSetup.ico
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\BartShel.exe
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\FireWall.exe
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\IniMod.dll
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\ISPUtil8.dll
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\LogOff.dll
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\ODWabUtil.dll
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\OEUI.dll
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\PPCDialer.dll
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\PPCOLink.exe
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\PPShared.exe
c:\program files\online services\peoplepc\ISP5900\ISP50\Bin\SETUP.ICO
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\Banner.htm
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\BEGIN.BRT
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\DetectOnline.brt
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\End.brt
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\Error.brt
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\BM.GIF
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\btn_cancel_off.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\btn_cancel_on.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\btn_next_off.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\btn_next_on.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\btn_ok_off.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\btn_ok_on.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\cancel_off.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\cancel_on.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\GB.GIF
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\glassblock.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\GM.GIF
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\LE.GIF
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\LEB.GIF
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\left_corner.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\login_off.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\login_on.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\Logo_w_Tagline.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\Password.ico
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\ppc.css
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\ppc_powered.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\progress_box.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\RE.GIF
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\red_stripe.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\REG.GIF
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\reg_progress_bar_start.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\reg_progress_bar_stop.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\Setup.ico
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\SPACER.GIF
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\stylebase.css
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\transparent_topleft_corner_left.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\transparent_topleft_corner_top.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\I\whitespacer.gif
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\ISPConnect.brt
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\ISPStart.brt
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\OfflineISPStart.brt
c:\program files\online services\peoplepc\ISP5900\ISP50\Setup\Win95.sbrt
c:\program files\online services\peoplepc\ISP5900\Promo.exe
c:\program files\online services\peoplepc\ISP5900\setup.exe
c:\program files\online services\peoplepc\ISP5900\SETUP.INI
c:\program files\online services\peoplepc\ISP5900\setupx.exe
c:\program files\online services\peoplepc\ISP5900\System\ANSI\ATL.DLL
c:\program files\online services\peoplepc\ISP5900\System\ANSI\ATL70.DLL
c:\program files\online services\peoplepc\ISP5900\System\ANSI\ATL71.DLL
c:\program files\online services\peoplepc\ISP5900\System\CLOSEIE.EXE
c:\program files\online services\peoplepc\ISP5900\System\MFC42.DLL
c:\program files\online services\peoplepc\ISP5900\System\MFC70.DLL
c:\program files\online services\peoplepc\ISP5900\System\MFC71.DLL
c:\program files\online services\peoplepc\ISP5900\System\MSVCIRT.DLL
c:\program files\online services\peoplepc\ISP5900\System\MSVCP60.DLL
c:\program files\online services\peoplepc\ISP5900\System\MSVCP70.DLL
c:\program files\online services\peoplepc\ISP5900\System\MSVCP71.DLL
c:\program files\online services\peoplepc\ISP5900\System\MSVCR70.DLL
c:\program files\online services\peoplepc\ISP5900\System\MSVCR71.DLL
c:\program files\online services\peoplepc\ISP5900\System\MSVCRT.DLL
c:\program files\online services\peoplepc\ISP5900\System\POP3.INS
c:\program files\online services\peoplepc\ISP5900\System\PopWait.exe
c:\program files\online services\peoplepc\ISP5900\System\PPCOUNIN.EXE
c:\program files\online services\peoplepc\ISP5900\System\PPCRunOnce.exe
c:\program files\online services\peoplepc\ISP5900\System\RasWait.exe
c:\program files\online services\peoplepc\ISP5900\System\RegHero.exe
c:\program files\online services\peoplepc\ISP5900\System\RPCRT4.DLL
c:\program files\online services\peoplepc\ISP5900\System\SENSAPI.DLL
c:\program files\online services\peoplepc\ISP5900\System\SetPop3.exe
c:\program files\online services\peoplepc\ISP5900\System\SETUPAPI.DLL
c:\program files\online services\peoplepc\ISP5900\System\UniCode\ATL.DLL
c:\program files\online services\peoplepc\ISP5900\System\UniCode\ATL70.DLL
c:\program files\online services\peoplepc\ISP5900\System\UniCode\ATL71.DLL
c:\program files\online services\peoplepc\ISP5900\System\unPPC.exe
c:\program files\online services\peoplepc\ISP5900\System\WININET.DLL
c:\program files\online services\peoplepc\ISP5900\Utilities\AtlBrowser.exe
c:\program files\online services\peoplepc\ISP5900\Utilities\DLocations.exe
c:\program files\online services\peoplepc\ISP5900\Utilities\EULA.exe
c:\program files\online services\peoplepc\ISP5900\Utilities\eula.txt
c:\program files\online services\peoplepc\ISP5900\Utilities\NAVWarn.exe
c:\program files\online services\peoplepc\ISP5900\Utilities\PPCODIAG.EXE
c:\program files\online services\peoplepc\ISP5900\Utilities\PPCODUN.exe
c:\program files\online services\peoplepc\ISP5900\Utilities\SCR55EN.EXE
c:\program files\online services\peoplepc\ISP5900\Utilities\SCR56EN.EXE
c:\program files\online services\peoplepc\ISP5900\Utilities\scripten2KXP.exe
c:\program files\online services\peoplepc\ISPUtil8.dll
c:\program files\online services\peoplepc\peoplepc.ini
c:\program files\online services\peoplepc\PhoneBook.dll
c:\program files\online services\peoplepc\PPCInstall.dll
c:\program files\online services\peoplepc\PPCLog.dll
c:\program files\online services\peoplepc\Setup.brt
c:\program files\online services\peoplepc\Setup.exe
c:\program files\online services\peoplepc\SETUP.INI
c:\program files\online services\peoplepc\SmartDialer\CallRecordManager\CallRecord.dll
c:\program files\online services\peoplepc\SmartDialer\CallRecordManager\CallRecords\callrec.dat
c:\program files\online services\peoplepc\SmartDialer\DLL\autodial.dll
c:\program files\online services\peoplepc\SmartDialer\DLL\CustomDial.dll
c:\program files\online services\peoplepc\SmartDialer\DLL\Dialer.dll
c:\program files\online services\peoplepc\SmartDialer\Locations\Locations.dll
c:\program files\online services\peoplepc\SmartDialer\Phonebooks\Nanpa.csv
c:\program files\online services\peoplepc\SmartDialer\Phonebooks\pbook.xml
c:\program files\online services\peoplepc\SmartDialer\Phonebooks\PhoneBook.dll
c:\program files\online services\peoplepc\SmartDialer\Updates\dir.dat
c:\program files\online services\peoplepc\SmartDialer\Users\Users.dll
c:\program files\online services\peoplepc\System\ANSI\ATL.DLL
c:\program files\online services\peoplepc\System\ANSI\ATL70.DLL
c:\program files\online services\peoplepc\System\ANSI\ATL71.DLL
c:\program files\online services\peoplepc\System\PopWait.exe
c:\program files\online services\peoplepc\System\PPCInfo.exe
c:\program files\online services\peoplepc\System\PPCOUNIN.exe
c:\program files\online services\peoplepc\System\ppcpanel.cpl
c:\program files\online services\peoplepc\System\ppcwebi.dll
c:\program files\online services\peoplepc\System\Redist\MFC42.DLL
c:\program files\online services\peoplepc\System\Redist\MFC71.DLL
c:\program files\online services\peoplepc\System\Redist\MSVCIRT.DLL
c:\program files\online services\peoplepc\System\Redist\MSVCP60.DLL
c:\program files\online services\peoplepc\System\Redist\MSVCP71.DLL
c:\program files\online services\peoplepc\System\Redist\MSVCR71.DLL
c:\program files\online services\peoplepc\System\Redist\MSVCRT.DLL
c:\program files\online services\peoplepc\System\Redist\SENSAPI.DLL
c:\program files\online services\peoplepc\System\Redist\WININET.DLL
c:\program files\online services\peoplepc\System\RegHero.exe
c:\program files\online services\peoplepc\System\unACC.exe
c:\program files\online services\peoplepc\System\Unicode\ATL.DLL
c:\program files\online services\peoplepc\System\Unicode\ATL70.DLL
c:\program files\online services\peoplepc\System\Unicode\ATL71.DLL
c:\program files\online services\peoplepc\System\unMAX.exe
c:\program files\online services\peoplepc\System\unPPC.exe
c:\program files\online services\peoplepc\System\unPPC6000.exe
c:\program files\online services\peoplepc\Utilities\Msdun13.exe
c:\program files\online services\peoplepc\Utilities\PPCODUN.exe
c:\program files\online services\peoplepc\Utilities\PPCRestore.exe
c:\program files\online services\peoplepc\Utilities\SCR55EN.EXE
c:\program files\online services\peoplepc\Utilities\scr56en.exe
c:\program files\online services\peoplepc\Utilities\scripten2KXP.exe
c:\program files\online services\peoplepc\Utilities\Windows-KB890830-V1.4-ENU.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-20 20:56 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-19 16:10 . 2009-12-19 16:10 -------- d-----w- c:\program files\MSXML 6.0
2009-12-19 08:16 . 2009-12-19 08:16 -------- d-----w- c:\windows\ServicePackFiles
2009-12-18 23:47 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:47 . 2009-12-18 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:47 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 02:41 . 2009-12-16 02:41 42192 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-06 21:14 . 2009-12-06 21:14 -------- d-sh--w- c:\documents and settings\Guest\IECompatCache
2009-11-22 23:09 . 2009-11-22 23:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-11-22 20:05 . 2009-11-22 20:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 06:46 . 2006-08-08 09:17 50448 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-20 20:56 . 2008-06-29 05:59 -------- d-----w- c:\program files\Panda Security
2009-12-19 16:14 . 2009-12-19 16:14 -------- d-----w- c:\program files\MSBuild
2009-12-19 16:14 . 2009-12-19 16:14 -------- d-----w- c:\program files\Reference Assemblies
2009-12-19 16:07 . 2009-01-18 21:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-10 04:32 . 2009-03-24 02:28 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-06 23:49 . 2007-01-21 01:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Netscape
2009-12-06 23:49 . 2006-08-08 09:11 -------- d-----w- c:\program files\Rhapsody
2009-11-18 02:04 . 2008-12-27 23:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-14 03:36 . 2009-11-14 03:35 -------- d-----w- c:\program files\iTunes
2009-11-14 03:36 . 2009-11-14 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 03:35 . 2009-11-14 03:35 -------- d-----w- c:\program files\iPod
2009-11-14 03:35 . 2008-12-25 22:53 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 03:32 . 2009-11-14 03:32 -------- d-----w- c:\program files\Bonjour
2009-11-14 03:31 . 2008-12-25 22:54 -------- d-----w- c:\program files\QuickTime
2009-11-14 03:29 . 2009-11-14 03:29 -------- d-----w- c:\program files\Apple Software Update
2009-11-02 01:15 . 2008-02-08 03:49 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Juniper Networks
2009-11-02 00:57 . 2009-11-02 00:57 291696 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
2009-11-02 00:57 . 2008-02-08 03:49 36948 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Juniper Networks\setup\uninstall.exe
2009-10-29 07:46 . 2004-08-10 04:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-11-17 01:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-29 04:58 . 2009-10-29 04:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-26 19:05 . 2008-11-06 15:24 -------- d-----w- c:\documents and settings\Guest\Application Data\Move Networks
2009-10-21 06:00 . 2004-08-10 04:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-10 04:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-10 04:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-10 04:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-10 04:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-10 04:00 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-29 02:09 . 2009-09-29 02:09 127872 ----a-w- c:\documents and settings\Guest\Application Data\Move Networks\uninstall.exe
2009-09-29 02:09 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Guest\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-29 02:09 . 2009-09-29 02:09 1686272 ----a-w- c:\documents and settings\Guest\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-09-26 07:00 . 2009-09-26 07:00 17204720 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\rp\.exe
2009-09-26 07:00 . 2009-09-26 07:00 8406648 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-26 06:59 . 2009-09-26 06:59 10309448 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-26 06:58 . 2009-09-26 06:58 64000 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-09-26 06:58 . 2009-09-26 06:58 52288 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-09-26 06:58 . 2009-09-26 06:58 50688 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-09-26 06:58 . 2009-09-26 06:58 114688 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-09-26 06:58 . 2008-04-22 14:46 488968 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\setup.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-12-20_20.44.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-21 16:32 . 2009-12-21 16:32 16384 c:\windows\temp\Perflib_Perfdata_734.dat
+ 2005-08-31 04:07 . 2009-12-21 06:44 71732 c:\windows\system32\perfc009.dat
- 2005-08-31 04:07 . 2009-12-20 11:12 71732 c:\windows\system32\perfc009.dat
+ 2005-08-31 04:07 . 2009-12-21 06:44 442466 c:\windows\system32\perfh009.dat
- 2005-08-31 04:07 . 2009-12-20 11:12 442466 c:\windows\system32\perfh009.dat
+ 2009-08-04 22:06 . 2009-08-04 22:06 132352 c:\windows\Downloaded Program Files\as2stubie.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/20/2009 12:56 PM 28552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/23/2009 6:28 PM 108289]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2/27/2007 7:00 PM 11648]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PAVBOOT
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mSearchURL = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: sharp.com\owa
DPF: {6D5AD93A-F4E2-411F-87E2-9015D0084E12} - hxxps://sharpnet.sharp.com/,DanaInfo=sharpnet.sharp.com+SharpNetCheckUser.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 09:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1804122254-4121809227-881765876-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-21 09:41:16
ComboFix-quarantined-files.txt 2009-12-21 17:41
ComboFix2.txt 2009-12-20 20:46
ComboFix3.txt 2009-12-20 07:24
ComboFix4.txt 2009-12-19 01:23
ComboFix5.txt 2009-12-21 17:27

Pre-Run: 217,269,420,032 bytes free
Post-Run: 217,201,229,824 bytes free

- - End Of File - - E100855F84D93E2BE6A7F428312BF34C
dredla is offline  
Old 12-22-2009, 02:59 AM   #19 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 28,100
OS: Win XP Pro SP3 / Win 7 Pro

Re: TR/Dldr.Zlob.iyt.1 virus

Hi again

All your logs are clean. If there are no more problems we’ll just tidy up and I’ll let you go, along with my recommendations for staying safe and secure.



The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Referring to the image below



Click Start > Run and copy/paste, or type the following bold text into the Run box and click OK:


ComboFix /Uninstall



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:


General Protection

Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here.


Ad-aware 2008 Free Edition

Download and install Ad-Aware 2008 Free Edition. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here.



SnoopFree

SnoopFree is a real time monitor that notifies you when a programme wants to record your keystrokes or read your screen. Note that SnoopFree is only for XP systems. Care: SnoopFree and Comodo do not play well together.


MVPS Hosts File

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera
Chrome
Maxthon
Safari

Firewalls
A good firewall will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall for XP does not monitor outgoing traffic. If you do not have a firewall, here are 3 free ones available for personal use:
Comodo Personal Firewall
Sygate Personal Firewall
ZoneAlarm



Other Protection
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.


Web of Trust
WOT warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.


ERUNT & NTREGOPT
ERUNT is a programme that will create automatic backups of your Registry. These backups can be used to help restore your system in the event of a serious crash.
NTREGOPT will compact and optimise your Registry, to assist the smooth running of your system.


Additional Reading
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

PC Safety & Security - What Do I Need?.
Making Internet Explorer Safer.
Think Prevention!

Have a look here if your PC is still running a bit slow
Is your PC running slow...?


Keep clean and safe and enjoy your computing!

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
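The MVPS Hosts File paragraph in the post above says the replacement file blocks sites by pointing them at 127.0.0.1, and that a company-provided HOSTS file should not be replaced. The sketch below is an added example, not part of the original post or of the MVPS project: it parses the current file before any swap, separates mappings to real addresses from block entries, and carries over only the mappings someone has explicitly approved. All hostnames, addresses and the `APPROVED` set are constructed sample values.

```python
import ipaddress

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses used only to block

def parse_hosts(text):
    """Return {hostname: ip} from HOSTS-format text; comments and bad lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            entries[name.lower()] = ip
    return entries

def plan_replacement(current_text, blocklist_text, approved):
    """Work out what a wholesale HOSTS replacement would change."""
    current = parse_hosts(current_text)
    merged = parse_hosts(blocklist_text)
    # Mappings to real addresses: company entries, or redirects nobody can explain.
    custom = {h: ip for h, ip in current.items() if ip not in SINKHOLES}
    kept = {h: ip for h, ip in custom.items() if h in approved}
    review = {h: ip for h, ip in custom.items() if h not in approved}
    # Approved names that the blocklist would have sinkholed.
    conflicts = sorted(h for h in kept if merged.get(h) in SINKHOLES)
    merged.update(kept)  # approved mappings win over block entries
    merged.setdefault("localhost", "127.0.0.1")
    return {"kept": kept, "review": review, "conflicts": conflicts, "merged": merged}

def render(entries):
    """Serialise {hostname: ip} back to HOSTS format."""
    return "".join(f"{ip}\t{host}\n" for host, ip in sorted(entries.items()))

# Constructed sample input, not taken from the thread.
CURRENT_HOSTS = """\
127.0.0.1    localhost
10.20.0.15   intranet.corp.example   # company-provided
10.20.0.16   mail.corp.example
203.0.113.9  update.vendor.example   # unexplained mapping
"""
BLOCKLIST = """\
127.0.0.1  localhost
127.0.0.1  ads.tracker.example
127.0.0.1  mail.corp.example
"""
APPROVED = {"intranet.corp.example", "mail.corp.example"}

if __name__ == "__main__":
    plan = plan_replacement(CURRENT_HOSTS, BLOCKLIST, APPROVED)
    print("needs review:", plan["review"])
    print("approved names the blocklist would block:", plan["conflicts"])
    print(render(plan["merged"]), end="")
```

Entries listed under `review` are dropped from the merged file on purpose: a mapping to a real address that nobody has approved should be explained before it is either kept or discarded.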
Old 12-22-2009, 10:44 AM   #20 (permalink)
Registered User
 
Join Date: Feb 2009
Posts: 39
OS: win xp


Re: TR/Dldr.Zlob.iyt.1 virus

Right, thanks, Iain. Everything's tidied up. Happy Christmas!
dredla is offline  
 



All times are GMT -7. The time now is 04:34 PM.


